26 February 2024 Flaw in the OpenSSH connectivity tool and its SSH protocol (24/02/2024)

Hello everyone, today another OpenSSH security bulletin.
OpenSSH is the premier connectivity tool for remote connections using the SSH protocol. It encrypts traffic to eliminate eavesdropping, connection hijacking and other attacks.
This new vulnerability exposes OpenSSH to a machine-in-the-middle attack caused by a flaw in the protocol extension negotiation process. When the connection uses certain extensions, a remote attacker can exploit the flaw to launch a machine-in-the-middle attack and strip an arbitrary number of messages after the initial key exchange. The effect of this attack would be to break the exchange of protocol extensions and possibly downgrade the client connection. To correct this CVSS 5.9 vulnerability, you need to apply the following PTF (available here: https://lnkd.in/e7RAfv9u).
