Full Disclosure mailing list archives
Re: new ssh exploit?
From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 16 Sep 2003 14:55:07 -0500 (CDT)
On Tue, 16 Sep 2003, Bennett Todd wrote:
2003-09-16T11:25:47 Ron DuFresne:On Mon, 15 Sep 2003, christopher neitzert wrote:1. upgrade to lsh.But, one has to remember ssh does not stand alone, at least openssh, it needs openssl to be properly maintained as well.Another incentive to ditch openssh altogether. lsh seems to work fine. At last. lsh doesn't use openssl. It is a completely different code base from the other sshes.
Interesting. Don't see many posts from you these day Bennett, good to see you live <smile>. Got a pointer? I'd seek out myselfm, but have a huge project that's eating me up at present. SSH and openssl is fast heading down the upgrade,patch,upgrade,patch scenerio of sendmail and wu_ftpd in the 90's.
It's ssh v2 only; I think that's a transition whose time has come.
This I will agree to fully, though, since we see the R* commands persist, and ftpd refuses to die, the list goes on. Don;t a number of appliances also use ssh1 and are not upgradeable? But, yes, ssh1 should have died a year or 4 ago <smile>> Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: new ssh exploit?, (continued)
- Re: new ssh exploit? Cael Abal (Sep 17)
- Re: new ssh exploit? christopher neitzert (Sep 15)
- Re: new ssh exploit? Adam Shostack (Sep 15)
- Re: new ssh exploit? Justin Kreger (Sep 15)
- Re: new ssh exploit? Ron DuFresne (Sep 16)
- Re: new ssh exploit? Jonathan A. Zdziarski (Sep 16)
- Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
- Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
- Re: new ssh exploit? Adam Shostack (Sep 15)
- Re: new ssh exploit? Bennett Todd (Sep 16)
- Re: new ssh exploit? Ron DuFresne (Sep 16)
- Re: new ssh exploit? Bennett Todd (Sep 16)
- Re: new ssh exploit? Blue Boar (Sep 16)
- Re: new ssh exploit? Bennett Todd (Sep 17)
- Re: new ssh exploit? Bennett Todd (Sep 18)
- Re: new ssh exploit? Damian Gerow (Sep 18)
- Re: new ssh exploit? Bennett Todd (Sep 18)
- Re: new ssh exploit? Damian Gerow (Sep 18)