Re: [LUG] [SECURITY] [DSA-134-1] OpenSSH remote vulnerability

To: list@xxxxxxxxxxxx
Subject: Re: [LUG] [SECURITY] [DSA-134-1] OpenSSH remote vulnerability
From: Neil Stone <Neil@xxxxxxxxxxxxx>
Date: 25 Jun 2002 12:10:14 +0100
Reply-to: list@xxxxxxxxxxxx

On Tue, 2002-06-25 at 10:26, Simon Waters wrote:

Theo de Raadt announced that the OpenBSD team is working with ISS
on a remote exploit for OpenSSH (a free implementation of the
Secure SHell protocol). They are refusing to provide any details on
the vulnerability but instead are advising everyone to upgrade to
the latest release, version 3.3.


Seems ISS treat them better than the Apache team, or maybe they
learnt their lesson?

Haven't seen anything suggesting the Apache bug is exploitable
on Linux, but I wouldn't take the chance.

Theo made it very clear this new version does not fix the
vulnerability


So whats the point in upgrading then ??

This doesn't sound like good news.


Nope..

Neil

Attachment: signature.asc
Description: This is a digitally signed message part

Re: [LUG] [SECURITY] [DSA-134-1] OpenSSH remote vulnerability
- From: Theo Zourzouvillys

References:
- [LUG] [SECURITY] [DSA-134-1] OpenSSH remote vulnerability
  - From: Theo Zourzouvillys
- Re: [LUG] [SECURITY] [DSA-134-1] OpenSSH remote vulnerability
  - From: Simon Waters

Prev by Date: Re: [LUG] [SECURITY] [DSA-134-1] OpenSSH remote vulnerability
Next by Date: Re: [LUG] [SECURITY] [DSA-134-1] OpenSSH remote vulnerability
Previous by thread: Re: [LUG] [SECURITY] [DSA-134-1] OpenSSH remote vulnerability
Next by thread: Re: [LUG] [SECURITY] [DSA-134-1] OpenSSH remote vulnerability
Index(es):
- Date
- Thread

Lynx friendly