Several buffer management coding errors have been discovered in the OpenSSH code. These coding errors may introduce a security vulnerability, although no known exploit is currently available. Current assessment of the errors indicates that any vulnerability would most likely be limited to a denial-of-service (DoS) attack against a system running affected OpenSSH code. However, it is conceivable that this vulnerability could be used to execute arbitrary code with the privileges of the ssh or sshd program.