Full Disclosure mailing list archives

Re: new ssh exploit?

From: Shanphen Dawa <list () hardlined com>
Date: Tue, 16 Sep 2003 16:41:28 -0500

Do you have a site, with maybe comparisons between the two? I am always looking for bigger and better things :-)


On Tue, 16 Sep 2003 13:39:27 -0400
Bennett Todd <bet () rahul net> wrote:

2003-09-16T11:25:47 Ron DuFresne:

On Mon, 15 Sep 2003, christopher neitzert wrote:

1. upgrade to lsh.


But, one has to remember ssh does not stand alone, at least openssh, it
needs openssl to be properly maintained as well.


Another incentive to ditch openssh altogether. lsh seems to work
fine. At last.

lsh doesn't use openssl. It is a completely different code base from
the other sshes.

It's ssh v2 only; I think that's a transition whose time has come.

-Bennett


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: new ssh exploit?, (continued)
- - - Re: new ssh exploit? Bennett Todd (Sep 18)
    - Re: new ssh exploit? Damian Gerow (Sep 18)
    - Re: new ssh exploit? Bennett Todd (Sep 18)
    - Re: new ssh exploit? Damian Gerow (Sep 18)
    - Re: new ssh exploit? Perry E. Metzger (Sep 18)
    - Re: new ssh exploit? KF (Sep 18)
    - Re: new ssh exploit? KF (Sep 18)
    - lsh patch (was Re: new ssh exploit?) Bennett Todd (Sep 19)
    - Re: lsh patch (was Re: new ssh exploit?) Carl Livitt (Sep 19)
    - Re: lsh patch (was Re: new ssh exploit?) Niels Möller (Sep 19)
    - Re: new ssh exploit? Shanphen Dawa (Sep 16)
- RE: new ssh exploit? Byron Copeland (Sep 15)
- Re: new ssh exploit? Darren Reed (Sep 15)