Bug 510118 (openssh-rumor, openssh-rumour) - OpenSSH 0day rumor
Summary: OpenSSH 0day rumor
Keywords:
Status: CLOSED NOTABUG
Alias: openssh-rumor, openssh-rumour
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 510199 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-07-07 18:42 UTC by Josh Bressers
Modified: 2019-09-29 12:30 UTC (History)
21 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-22 01:02:38 UTC


Attachments (Terms of Use)

Comment 6 Josh Bressers 2009-07-08 13:08:58 UTC
The Red Hat Security Response team is aware of the unconfirmed rumour regarding a OpenSSH vulnerability.  We are continuing to monitor the situation for more information and to establish any real facts surrounding this issue.  Should it be found that there is an unfixed critical vulnerability of this type we will of course act immediately to address it.

Comment 7 Josh Bressers 2009-07-08 13:11:17 UTC
OpenSSH upstream author Damien Miller has a good commentary regarding this issue:
http://marc.info/?l=openssh-unix-dev&m=124705272824524&w=2

Comment 8 Josh Bressers 2009-07-08 13:19:55 UTC
*** Bug 510199 has been marked as a duplicate of this bug. ***

Comment 13 Mark J. Cox 2009-07-09 14:15:45 UTC
Some more links:

SANS have classified this issue as a hoax:
http://isc.sans.org/diary.html?storyid=6760

Commentary from OpenSSH developer Damien Miller
http://www.itwire.com/content/view/26175/1090/

Comment 14 J.H.M. Dassen (Ray) 2009-07-13 09:10:22 UTC
And more followup coverage:

"OpenSSH zero day exploit rumours not confirmed",
	http://www.heise.de/english/newsticker/news/141817

"OpenSSH update" (repost of Damien Miller's comments),
	http://lwn.net/Articles/340483/

Comment 15 Eugene Teo (Security Response) 2009-07-15 07:11:16 UTC
WARNING: Besides the rumour, there is a fake 0pen0wn.c exploit being circulated around. Do not run it!

Thierry wrote an interesting blog post about it at:
http://blog.zoller.lu/2009/07/0pen0wnc-shellcode-dissasembled.html

It is a good practice not to run any exploit until you understand what the shellcode/payload does :)


Note You need to log in before you can comment on or make changes to this bug.