See slashdot.  There doesn't seem to be a public exploit.  There is a new
version released:

ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.7p1.tar.gz

Also be warned of other possibilities:
"every single hp and cisco switch containing this code
is likely vulnerable" -Theo

 From Full disclosure email list.

Austin