oss-sec mailing list archives
openssh CVE-2008-1657 question
From: Vincent Danen <vdanen () linsec ca>
Date: Tue, 6 May 2008 13:41:27 -0600
Out of curiousity, CVE-2008-1657 should only affect 4.4-4.9, correct? The ForceCommand functionality was introduced in 4.4. It would be nice if the CVE entry made note of this. Would be even nicer if the boneheads over at SecurityFocus wouldn't go around assuming that <4.9 means everything, including 3.0, without actually doing some checking. Oh, wait, yeah, they go back as far as 1.0. Somehow I don't think that's accurate. -- Vincent Danen @ http://linsec.ca/
Attachment:
_bin
Description:
Current thread:
- openssh CVE-2008-1657 question Vincent Danen (May 06)
- Re: openssh CVE-2008-1657 question Nico Golde (May 06)
- Re: openssh CVE-2008-1657 question Vincent Danen (May 06)
- Re: openssh CVE-2008-1657 question Nico Golde (May 06)