A news report (http://www.theregister.co.uk/2008/11/18/ssh_sniffer_attack/) describes an advisory (see http://www.ssh.com/company/news/article/953/) that details vulnerability in the SSH protocol that leaves people open to attack. Apparently hard to exploit, but reported to exist in OpenSSH too. Reproducible: Always
*** This bug has been marked as a duplicate of bug 247466 ***
Cool, apologies for the duplication, had searched but hadn't come across that one in the results.