Multiple vendors' implementations of the SSH protocol contain buffer overflows and several other vulnerabilities, according to a new advisory issued by CERT. The security holes could be exploited remotely, leading to denial of service or the execution of arbitrary code under the SSH process' privileges. A suite of test apps developed by Rapid7 can test SSH version 1 and 2 products for the various problems. See the advisory for links to solutions and patches from specific vendors.
(N-Stalker Security Force)