The call came after an advisory from software engineering institute Cert, dated 16 September, which said versions of Open SSH prior to version 3.7.1 were vulnerable to a buffer overflow exploit. Open SSH offers a secure method for remote linking from client to server, so any exploit could potentially allow an intruder to gain complete control of a system.
Analysts recommended immediate patching but also said users should audit their systems because Unix and open source systems often comprise discrete pieces of code that have been taken from elsewhere.
Because of this, users should thoroughly audit their environment and find ways of keeping on top of new vulnerabilities and patch releases.
Gunter Ollman, x-force assessment security adviser at internet security software supplier ISS, said users of complex Linux and Unix environments with open source components would find it more difficult to keep up with vulnerabilities and patching than those in single-supplier environments.
He said, "It gets difficult with the presence of third-party manufacturers of software involved. At the beginning of the year, when some vulnerabilities were announced in Apache, problems arose because the affected code had been absorbed into other products. This happens a lot with open source.
"There have been a number of vulnerabilities in the past with SSH and there are rumours that there are exploits around at the moment. Whatever the truth of that, it is a high-risk situation and you have to patch your systems immediately. On historical evidence, there will be many people looking at how to exploit this."
Ollman recommended subscribing to advisory mailing lists for all the software you have or using pay-to-use services.
Users have been advised to carry out a thorough audit of their Unix and Linux environments to ensure they know exactly what they have at the operating system level and any of its component parts and then keep up to date with any advisories and patches affecting them.
This was first published in September 2003