From: Darren Pilgrim (dmp_at_pantherdragon.org)
Date: Mon Jan 06 2003 - 15:27:12 CST

    Mike Tancsa wrote:
    >
    > FYI, for those not on bugtraq.

    The "advisory" is suspect.

    1) The language used in the non-technical parts of the message is
    immature, detracting from the credibility of the author.

    2) Most ssh clients send your logged-in username by default if you
    don't specify one using the form "user" on the command line. My
    PAM-disabled versions of OpenSSH do this. For a group that supposedly
    spent six months researching OpenSSH, you'd think they'd have noticed.

    >> Date: Sat, 4 Jan 2003 19:37:03 -0800
    >> To: bugtraqsecurityfocus.com
    >> Subject: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS
    >> From: mmhshushmail.com
