OpenSSH Channel Code Off-By-One Vulnerability

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

Attackers may be exploiting this vulnerability in the wild, but this has not been confirmed.

A proof-of-concept exploit has been provided by "Morgan" <>:


Privacy Statement
Copyright 2010, SecurityFocus