OpenSSH fixes a critical code execution vulnerability

Sponsored Links
 

OpenSSH , a tool that provides encrypted communication sessions over a computer network using the SSH protocol, has patched a critical code execution vulnerability.

"A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during kex exchange." The security advisory reads.

"If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations."

The vulnerability was identified by an OpenSSH developer Mark Friedl on November 7th.  The fix has immediately been issued.

The flaw is fixed in OpenSSH 6.4 version.  There is security patch available for those users who prefer to continue use OpenSSH 6.2 or 6.3.
Category: / / / /

Share this with Your friends:


About Author

, founder of E Hacking News, an Information Security enthusiast who has more interest in PenTesting and Malware analysis. You can find him on Google+ Profile , Twitter and Facebook.