Bugtraq mailing list archives
Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
From: Florian Weimer <Florian.Weimer () RUS Uni-Stuttgart DE>
Date: 22 Jul 2001 10:03:31 +0200
"Stephanie Thomas" <customer.service () ssh com> writes:
A potential remote root exploit has been discovered in SSH Secure Shell 3.0.0, for Unix only, concerning accounts with password fields consisting of two or fewer characters.
A quick glance at the source code suggests that SSH 2.3.0 and 2.4.0 have the same problem. Is this true?
Use the following patch in the source code:
It is not quite clear whether the license agreement permits modification of the source code. -- Florian Weimer Florian.Weimer () RUS Uni-Stuttgart DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
Current thread:
- URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 20)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Dan Kaminsky (Jul 20)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Dale Southard (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Nate Eldredge (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Brandon S. Allbery KF8NH (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Dale Southard (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Michal Zalewski (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 j (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Trond Eivind Glomsrød (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Jen B. (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Marcus Meissner (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Florian Weimer (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Thomas Roessler (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Lucian Hudin (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Sports (Jul 24)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Seth Arnold (Jul 24)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Thomas Roessler (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Dan Kaminsky (Jul 20)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Marcin Zurakowski (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Brian Carpio (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Brian Carpio (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Jaime BENJUMEA (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Jonathan A. Zdziarski (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Roman Drahtmueller (Jul 23)