|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: OpenSSH heads-up
From: Brett Glass (brett
lariat.org)
Date: Tue Sep 16 2003 - 13:49:23 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
At 12:45 PM 9/16/2003, Jacques A. Vidrine wrote:
>There have been rumours of an ssh2 exploit for over a week. The
>first concrete indication that I received that there was a bug was an
>OpenBSD commit message last night.
Interesting.
I could scan the source, but perhaps you already have and can answer
the following questions:
1. Could the bug be exploited by someone who had not authenticated
with the server?
2. Can it be worked around by changing the configuration until one
has time to patch? (You mention that it's an SSH2 exploit; perhaps
one can disable SSH2 and use SSH1 in the interim?)
--Brett Glass
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]