SecurityFocus 在其网站上公布了一个关于 OpenSSH 的漏洞,信息如下:
OpenSSH CVE-2016-10009 远程执行代码漏洞。
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in denial-of-service conditions.
- Bugtraq ID:94968
- Class:Unknown
- CVE:CVE-2016-10009
- Remote:Yes
- Local:No
- Published:Dec 19 2016 12:00AM
- Updated:Dec 20 2016 01:11PM
- Credit:Jann Horn of Project Zero.
易受攻击的版本:
- OpenSSH OpenSSH 7.3
- OpenSSH OpenSSH 7.2p2
- OpenSSH OpenSSH 7.2
- OpenSSH OpenSSH 7.1p2
- OpenSSH OpenSSH 7.1p1
- OpenSSH OpenSSH 7.1
- OpenSSH OpenSSH 7.0
- OpenSSH OpenSSH 6.9p1
- OpenSSH OpenSSH 6.9
- OpenSSH OpenSSH 6.6
- OpenSSH OpenSSH 6.5
- OpenSSH OpenSSH 6.4
- OpenSSH OpenSSH 6.3
- OpenSSH OpenSSH 6.2
- OpenSSH OpenSSH 6.1
- OpenSSH OpenSSH 6.0
- OpenSSH OpenSSH 5.8
- OpenSSH OpenSSH 5.7
- OpenSSH OpenSSH 5.6
- OpenSSH OpenSSH 5.5
- OpenSSH OpenSSH 5.4
- OpenSSH OpenSSH 5.3
- OpenSSH OpenSSH 5.2
- OpenSSH OpenSSH 5.1
- OpenSSH OpenSSH 5.0
不易受攻击的版本:OpenSSH OpenSSH 7.4
因此,还是建议升级到最新版的 OpenSSH。
文章末尾固定信息
继续阅读
