Mainpage
Searchform
History
Versions
Categories
Contents
Deutsch
The program ssh-agent
is vulnerable to security attacks
on Unix platforms. This vulnerability affects all free versions of
SSH up to version 1.2.21 as well as the commercial versions
from F-Secure prior to version 1.3.3.
The vulnerabilty makes it possible for a local user to get access
to the private RSA-Keys of another user using ssh-agent
to manage his private keys.
He can then use these keys to connect to other machines using the
identity of the other user.
You can obtain an updated copy of the ssh package from our ftp-server:
ftp://ftp.suse.com/pub/suse_update/suse51/n1/ssh/ssh.rpm
The original CERT-Advisory can be obtained from the following URL: http://www.secnet.com/sni-advisories/sni-23.ssh.agent.advisory.html
Categories:
Network
Mainpage
Searchform
History
Versions
Categories
Contents
Deutsch