232
'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems
(www.computing.co.uk)
A community for everything relating to the linux operating system
Also check out [email protected]
Original icon base courtesy of [email protected] and The GIMP
If I'm not mistaken, it seems like this is a timing attack and you need a lot of attack attempts to make it work. If you have like a fail2ban rule for ssh it should mitigate this attack to quite some degree, right? (Of course updating would still be the best).
While statistically unlikely, it would be possible to exploit the vulnerability on the first attempt
That's true.