Hello everyone, today another OpenSSH security bulletin.
OpenSSH is the leading connectivity tool for remote connections over the SSH protocol.
It uses traffic encryption to eliminate eavesdropping, connection hijacking and other attacks.
This new vulnerability exposes OpenSSH to a machine-in-the-middle attack caused by a flaw in the protocol's extension negotiation process.
When used with certain extensions, a remote attacker can exploit this vulnerability to launch a machine-in-the-middle attack and strip an arbitrary number of messages after the initial key exchange.
The effect of this attack would be to break the exchange of protocol extensions and possibly downgrade the client connection.
To correct this CVSS 5.9 vulnerability, you need to apply the following PTF (which you can find here: https://lnkd.in/e7RAfv9u).