Rumours of critical vulnerability in OpenSSH in Red Hat Enterprise Linux
A posting on the Web Hosting Talk forum is feeding speculation about a critical security vulnerability in the OpenSSH server in CentOS/Red Hat Enterprise Linux (RHEL). According to the posting, the vulnerability is present in the OpenSSL version 4.3 used in this distribution. Although the version number is already several years old, the Red Hat development team tend to backport patches for older versions, with the result that the software may well still be up-to-date.
It is rumoured, however, that the development team have introduced an error during this backporting process which may now be able to be exploited to gain access to servers. Scattered online reports of successful attacks, such as the recent attacks on ssanz.net and, some weeks ago, on astalavista.com, may also point to the existence of a zero-day exploit for an unknown vulnerability in specific versions of SSH.
In response to an enquiry from heise Security (The H's associate in Germany), Red Hat's Security Response Team declined to confirm the existence of the vulnerability. They did state that they are aware of the rumours and are watching the situation with the aim of collecting more information. Should it prove to be the case that there is an unpatched vulnerability, they will react as quickly as possible.
The H Security and heise Security would be grateful for any further information on this problem from readers.
An error in the translation process lead to this story referring to OpenSSL. The H apologises for the error.