Bug 510118 - (openssh-rumor, openssh-rumour) OpenSSH 0day rumor
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=critical?,source=redhat,public...
: Security
Duplicates: 510199
Reported: 2009-07-07 14:42 EDT by Josh Bressers
Modified: 2014-01-21 01:14 EST

Doc Type: Bug Fix
Last Closed: 2010-12-21 20:02:38 EST
Comment 6 Josh Bressers 2009-07-08 09:08:58 EDT
The Red Hat Security Response team is aware of the unconfirmed rumour regarding an OpenSSH vulnerability.  We are continuing to monitor the situation for more information and to establish any real facts surrounding this issue.  Should it be found that there is an unfixed critical vulnerability of this type we will of course act immediately to address it.
Comment 7 Josh Bressers 2009-07-08 09:11:17 EDT
OpenSSH upstream author Damien Miller has a good commentary regarding this issue:
http://marc.info/?l=openssh-unix-dev&m=124705272824524&w=2
Comment 8 Josh Bressers 2009-07-08 09:19:55 EDT
*** Bug 510199 has been marked as a duplicate of this bug. ***
Comment 13 Mark J. Cox 2009-07-09 10:15:45 EDT
Some more links:

SANS have classified this issue as a hoax:
http://isc.sans.org/diary.html?storyid=6760

Commentary from OpenSSH developer Damien Miller
http://www.itwire.com/content/view/26175/1090/
Comment 14 J.H.M. Dassen (Ray) 2009-07-13 05:10:22 EDT
And more followup coverage:

"OpenSSH zero day exploit rumours not confirmed",
	http://www.heise.de/english/newsticker/news/141817

"OpenSSH update" (repost of Damien Miller's comments),
	http://lwn.net/Articles/340483/
Comment 15 Eugene Teo (Security Response) 2009-07-15 03:11:16 EDT
WARNING: Besides the rumour, there is a fake 0pen0wn.c exploit being circulated around. Do not run it!

Thierry wrote an interesting blog post about it at:
http://blog.zoller.lu/2009/07/0pen0wnc-shellcode-dissasembled.html

It is a good practice not to run any exploit until you understand what the shellcode/payload does :)
