NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2001-07

From: Florian Weimer (Florian.WeimerRUS.Uni-Stuttgart.DE)
Date: Sun Jul 22 2001 - 03:03:31 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Stephanie Thomas" <customer.servicessh.com> writes:

> A potential remote root exploit has been discovered
> in SSH Secure Shell 3.0.0, for Unix only, concerning
> accounts with password fields consisting of two or
> fewer characters.

A quick glance at the source code suggests that SSH 2.3.0 and 2.4.0
have the same problem. Is this true?

> Use the following patch in the source code:

It is not quite clear whether the license agreement permits
modification of the source code.

-- 
Florian Weimer 	                  Florian.WeimerRUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]