Major security hole found in libssh

Discussion in 'Other Operating Systems' started by metamorphosis, Oct 23, 2018.

Tags:
  1. metamorphosis

    metamorphosis Member

    Joined:
    Feb 25, 2002
    Messages:
    1,645
  2. HyRax1

    HyRax1 ¡Viva la Resolutión!

    Joined:
    Jun 28, 2001
    Messages:
    7,818
    Location:
    At a desk
    Most distro's would have had this sorted by now through automatic security updates. All my Ubuntu machines did. :thumbup:
     
  3. Quadbox

    Quadbox Member

    Joined:
    Jun 27, 2001
    Messages:
    6,033
    Location:
    Brisbane
    And, indeed, most distros are probably only using libssl on the CLIENT side, not on the server side. This does not, for example, affect openssh or dropbear
     
  4. MUTMAN

    MUTMAN Member

    Joined:
    Jun 27, 2001
    Messages:
    5,308
    Location:
    4109
    Will a winblows exe be released to allow the uneducated of us to scan our local networks for vulnerable devices ?
    or do i need to fire up a raspberry pi and run the python script ?
     
  5. Quadbox

    Quadbox Member

    Joined:
    Jun 27, 2001
    Messages:
    6,033
    Location:
    Brisbane
    Are you running any ssh servers?
     
  6. MUTMAN

    MUTMAN Member

    Joined:
    Jun 27, 2001
    Messages:
    5,308
    Location:
    4109
    I have some TinyCore powered Raspberry Pi's that run logitech media server and i'm not sure what it uses for authentication ...
    God only knows what other IOT connected devices have on board and let wide open ..

    edit - and a boxen running XPenology that will definitely be an open target ..
    I dont have them pointed out directly... but a number of *cough* download services are running wild
     

Share This Page