OpenSSH Remote Challenge Vulnerability Synopsis ISS X-Force discovered a serious vulnerability in the default installation of OpenSSH on the OpenBSD operating system. This vulnerability can potentially be exploited by remote attackers to compromise superuser access. Impact OpenBSD, FreeBSD-Current, and other OpenSSH implementations may be vulnerable to a remote, superuser compromise. Affected Versions OpenBSD 3.0 OpenBSD 3.1 FreeBSD-Current OpenSSH 3.0-3.2.3 Description A vulnerability exists within the "challenge-response" authentication mechanism in the OpenSSH daemon (sshd). This mechanism, part of the SSH2 protocol, verifies a user's identity by generating a challenge and forcing the user to supply a number of responses. A remote attacker can send a specially-crafted reply that triggers an overflow, potentially leading to a remote denial of service attack or complete remote compromise. Recommendations Upgrade to OpenSSH version 3.3, which implements "privilege separation" to mitigate the risk of a superuser compromise. Disable unused OpenSSH authentication mechanisms by editing the parameter in the file to . Use the Internet Scanner X-Press Update (XPU) 6.13 to detect potentially vulnerable installations of OpenSSH. Credits Discovered and researched by Mark Dowd of the ISS X-Force.