Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Florian Weimer (Florian.WeimerRUS.Uni-Stuttgart.DE)
Date: Sun Jul 22 2001 - 03:03:31 CDT
"Stephanie Thomas" <customer.servicessh.com> writes:
> A potential remote root exploit has been discovered
> in SSH Secure Shell 3.0.0, for Unix only, concerning
> accounts with password fields consisting of two or
> fewer characters.
A quick glance at the source code suggests that SSH 2.3.0 and 2.4.0
have the same problem. Is this true?
> Use the following patch in the source code:
It is not quite clear whether the license agreement permits
modification of the source code.
-- Florian Weimer Florian.WeimerRUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898