NEW: Urgent: OpenSSH_3.0.1p1 disconnects due to bad packet length and corrupted MAC on input.
Darren Tucker
dtucker at zip.com.au
Wed Jun 19 20:03:26 EST 2002
Daniel Bergman wrote:
> I'm having huge problems with OpenSSH 3.0.1p1, compiled with OpenSSL
> 0.9.6b 9 Jul 2001 and running with prngd_0.9.23, it disconnects unexpectedly
> during client session due to bad packet length and corruped MAC on input,
> according to debug anyway.
Since that version has at least one potential security problem (2 if
it's
linked with zlib 1.1.3) and the server appears to be a firewall I'd say
an upgrade is in order.
I don't know whether or not the errors you're seeing are indicative of
any of these security problems (or attempts to exploit them.) Anyone
else
want to comment?
-Daz.
References:
http://www.openbsd.org/advisories/ssh_channelalloc.txt
http://www.gzip.org/zlib/advisory-2002-03-11.txt
More information about the openssh-unix-dev
mailing list