Vulnerability Development mailing list archives
Re: OpenSSH Vulns (new?) Priv seperation
From: Jose Nazario <jose () monkey org>
Date: Wed, 26 Jun 2002 12:47:26 -0400 (EDT)
On Tue, 25 Jun 2002, wirepair wrote:
http://www.securiteam.com/securitynews/5HP0L1F7FA.html Has anyone recieved any more information on this? If so what exactly is the issue? This is the part that scares me:
deadly.org has links to the appropriate info, including the ISS advisory. the quick summary is that it is the challenge-response negotiation in the ssh2 code. 3.4 has been announced and the fix has been put in. the openbsd.org web page has been updated, too, to reflect the existence of one remote hole in the default install in nearly 6 years. ___________________________ jose nazario, ph.d. jose () monkey org http://www.monkey.org/~jose/
Current thread:
- OpenSSH Vulns (new?) Priv seperation wirepair (Jun 26)
- Re: OpenSSH Vulns (new?) Priv seperation Valdis . Kletnieks (Jun 26)
- Re: OpenSSH Vulns (new?) Priv seperation John Madden (Jun 26)
- Re: OpenSSH Vulns (new?) Priv seperation Jose Nazario (Jun 26)
- Re: OpenSSH Vulns (new?) Priv seperation Michael Greenberg (Jun 28)
- <Possible follow-ups>
- RE: OpenSSH Vulns (new?) Priv seperation Peter Mueller (Jun 26)
- RE: OpenSSH Vulns (new?) Priv seperation Michal Zalewski (Jun 26)