Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

From: "Brandon S. Allbery KF8NH" <allbery () ece cmu edu>
Date: Fri, 20 Jul 2001 23:08:33 -0400
On Friday, July 20, 2001 19:11:02 -0700, Dan Kaminsky <dankamin () cisco com> wrote: 
+-----
| The big issue here, of course, is not that sshd incorrectly checks the
| cryptographic hash of an inadequately sized password but that it checks it
| at all.  NP, as far as I know, specifically stands for No Password
| (acceptable, *not* needed), and !! I believe has the same meaning for
| Linux(! for "no").  SSHD has traditionally when possible directly tested
+--->8
Is it me, or is this the *same* bug that was found in the 1.2.x code some time back? 


--
brandon s. allbery  [os/2][linux][solaris][freebsd]   allbery () kf8nh apk net
system administrator   [JAPH][WAY too many hats]        allbery () ece cmu edu
electrical and computer engineering                                   KF8NH
carnegie mellon university     [linux: proof of the million monkeys theory]
Previous By Date Next
Previous By Thread Next

Current thread: