Full Disclosure mailing list archives

Re: SSH Exploit Request

From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 13 Nov 2003 22:08:55 +0100

Robert Davies wrote:

A service is flawed in one way or another, patch it! If the vendor says the
service is broke in some way, believe them, get off your lazy ass and get
patching. If you are the admin, do your job and quit whining!


The OpenSSH maintainers lured Debian into distributing a vulnerable
OpenSSH version by issuing a security advisory (the version distributed
by Debian at that time was not vulnerable).

I'm sorry, things aren't always as easy as you assume.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: SSH Exploit Request, (continued)
- Re: SSH Exploit Request Florian Weimer (Nov 13)
  - Re: SSH Exploit Request Jeremiah Cornelius (Nov 13)
    - Re: SSH Exploit Request Valdis . Kletnieks (Nov 13)
    - RE: SSH Exploit Request Robert Davies (Nov 13)
    - Re: SSH Exploit Request Blue Boar (Nov 13)
    - RE: SSH Exploit Request Poof (Nov 13)
    - Re: SSH Exploit Request Valdis . Kletnieks (Nov 13)
    - Re: SSH Exploit Request Scott Taylor (Nov 13)
    - RE: SSH Exploit Request Robert Davies (Nov 13)
    - Re: SSH Exploit Request Andrew J Caines (Nov 13)
    - Re: SSH Exploit Request Florian Weimer (Nov 13)
    - RE: SSH Exploit Request g0d (Nov 14)
    - Re: SSH Exploit Request Vladimir Parkhaev (Nov 14)
    - Re: SSH Exploit Request g0d (Nov 14)
    - Re: SSH Exploit Request Valdis . Kletnieks (Nov 14)
    - Re: SSH Exploit Request Paul Schmehl (Nov 14)
    - Re: SSH Exploit Request Valdis . Kletnieks (Nov 14)
    - Re: SSH Exploit Request Paul Schmehl (Nov 14)
    - Re: SSH Exploit Request madsaxon (Nov 14)
    - Re: SSH Exploit Request Jeremiah Cornelius (Nov 14)
    - Re: SSH Exploit Request madsaxon (Nov 14)

(Thread continues...)