Does anyone know anything about this "0-day" ssh vulnerability?

Vincent Danen vdanen at
Wed Jul 8 03:14:59 EST 2009

Hi all.  I've looked at the archives and it seems to be quiet regarding
this supposed "0-day" openssh vulnerability and I'm wondering if anyone
here may have some insight or further information regarding it.

We've been monitoring things and the amount of speculative info flying
around is incredible.  Some claim it's the CPNI-957037 issue, thus
affecting <5.2, others are indicating it's the unsafe signal handler
issue fixed in 4.4.

Granted, Red Hat does ship with a patched 4.3, but we have corrected all
issues that we know to have existed with 4.3.  And the veracity of the
supposed "logs" is sketchy at best.


Vincent Danen / Red Hat Security Response Team 

More information about the openssh-unix-dev mailing list