|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: OpenSSH heads-up
From: Jacques A. Vidrine (nectar
FreeBSD.org)
Date: Tue Sep 16 2003 - 13:54:17 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Sep 16, 2003 at 12:49:23PM -0600, Brett Glass wrote:
> Interesting.
>
> I could scan the source, but perhaps you already have and can answer
> the following questions:
>
> 1. Could the bug be exploited by someone who had not authenticated
> with the server?
>
> 2. Can it be worked around by changing the configuration until one
> has time to patch? (You mention that it's an SSH2 exploit; perhaps
> one can disable SSH2 and use SSH1 in the interim?)
AFAICT, you need not authenticate, it is not specific to protocol
version 2, and there is no workaround.
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectarcelabo.org . jvidrineverio.net . nectarfreebsd.org . nectarkth.se
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]