See slashdot. There doesn't seem to be a public exploit. There is a new
version released:
ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.7p1.tar.gz
Also be warned of other possibilities:
"every single hp and cisco switch containing this code
is likely vulnerable" -Theo
From Full disclosure email list.
Austin