I think I still owe you the details on this one: All GnuGk versions prior to 4.4 can be crashed by remotely opening and closing multiple ssh connections to the status port (even without having the ssh credentials). As far as I can tell, this "only" results in a denial of service and no remote code execution is possible. So, if you use ssh on the status port, please make sure to update to GnuGk to 4.4. Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan@xxxxxxxxxxxxxx Website: https://www.gnugk.org Support: https://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584 Jan Willamowius wrote: > Hi, > > users who have enabled ssh on the status port should block access to > the status port in their firewall or upgrade to the CVS version as soon > as possible. > > More details later. > > Regards, > Jan ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
