Bug 510118 (openssh-rumor, openssh-rumour)
| Summary: | OpenSSH 0day rumor | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Josh Bressers <bressers> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | atodorov, dgoodwin, djuran, dkovalsk, fche, flint42, iaslanidis, jchadima, jlieskov, mjc, nstrug, pamadio, pvn, ralph, rdassen, security-response-team, sgrubb, Stuart.Kirk, tmraz, vdanen, woodard |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2010-12-22 01:02:38 UTC | Type: | --- |
Description
Josh Bressers
2009-07-07 18:42:18 UTC
The Red Hat Security Response team is aware of the unconfirmed rumour regarding an OpenSSH vulnerability. We are continuing to monitor the situation for more information and to establish any real facts surrounding this issue. Should it be found that there is an unfixed critical vulnerability of this type, we will of course act immediately to address it.

OpenSSH upstream author Damien Miller has a good commentary regarding this issue:
http://marc.info/?l=openssh-unix-dev&m=124705272824524&w=2

*** Bug 510199 has been marked as a duplicate of this bug. ***

Some more links:

SANS have classified this issue as a hoax:
http://isc.sans.org/diary.html?storyid=6760

Commentary from OpenSSH developer Damien Miller:
http://www.itwire.com/content/view/26175/1090/

And more followup coverage:

"OpenSSH zero day exploit rumours not confirmed",
http://www.heise.de/english/newsticker/news/141817

"OpenSSH update" (repost of Damien Miller's comments),
http://lwn.net/Articles/340483/

WARNING: Besides the rumour, there is a fake 0pen0wn.c exploit being circulated around. Do not run it! Thierry wrote an interesting blog post about it at:
http://blog.zoller.lu/2009/07/0pen0wnc-shellcode-dissasembled.html

It is a good practice not to run any exploit until you understand what the shellcode/payload does :)