Bugtraq mailing list archives
Re: Kerberos security vulnerability in SSH-1.2.27
From: atossava () CC HELSINKI FI (Atro Tossavainen)
Date: Thu, 6 Jul 2000 17:27:13 +0300
Dear Jake,
Just posting to note that there is indeed a ssh-1.2.28 release, but lo! also a 1.2.29.
And now, also a 1.2.30. This fixes bugs reported ages ago: * the server accepting unsupported ciphers (notably "none") if so requested by clients, even though the server itself wasn't compiled with "--with-none"; * a syslog handle hogging bug that would cause problems on large multi-user IRIX machines; * and another bug that would sometimes truncate scp transfers. The license issues remain as you said.
Question for the Group: isn't the version 1.x license the only reason for the 1.5 protocol's continued use? (aside from compatibility reasons, which could probably be cleaned up were it not for the ver 2.x license)
Compatibility reasons indeed. For example, there is no AFS support for 2.x. I am aware of the fact that the support in 1.x is third-party. Are there other free SSH2 clients than OpenSSH? Particularly, anything for anything else but UNIX? That might also be an issue. -- Atro Tossavainen (Mr.), Systems Analyst, contact info at URL, +358-9-19158939 The Institute of Biotechnology at the University of Helsinki, Finland employs me, but my opinions are my own. They are welcome to them, if they want them. < URL : http : / / www . iki . fi / atro . tossavainen / >
Current thread:
- Kerberos security vulnerability in SSH-1.2.27 Richard E. Silverman (Jun 30)
- Re: Kerberos security vulnerability in SSH-1.2.27 Carson Gaspar (Jul 02)
- Re: Kerberos security vulnerability in SSH-1.2.27 Dug Song (Jul 06)
- [RHSA-2000:041-02] man package's 'makewhatis' uses insecure handling of files in /tmp bugzilla () REDHAT COM (Jul 03)
- Re: Kerberos security vulnerability in SSH-1.2.27 Schlachter, Jake (Jul 05)
- Re: Kerberos security vulnerability in SSH-1.2.27 Atro Tossavainen (Jul 06)
- <Possible follow-ups>
- Re: Kerberos security vulnerability in SSH-1.2.27 anne () SSH COM (Jul 07)
- Re: Kerberos security vulnerability in SSH-1.2.27 Carson Gaspar (Jul 02)