Contributed by Dengue on from the damn-it. dept.
"A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2. Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client.
(Comments are closed)