Full Disclosure mailing list archives
Re: new ssh exploit?
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 16 Sep 2003 18:16:34 -0700
Bennett Todd wrote:
This last one broke my camel's back. OpenSSH sshd begone. And so it has. Cool!
<snip>
Right now I wouldn't run an OpenSSH sshd exposed to the internet; lshd is fine there. People who can't get sshv2 clients can go away.
Out of curiosity, what leads you to believe that lshd will be better in terms of future bugs vs. OpenSSH? You specifically mentioned OpenSSL libs and SSHv1 support as concerns with OpenSSH. And sure, it seems unlikely that they just got the very last bug. You also talk about a number of libraries needed by lshd, and some other things that aren't quite fully implemented in it yet. Is it just a matter of having some diversity?
BB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: new ssh exploit?, (continued)
- Re: new ssh exploit? Adam Shostack (Sep 15)
- Re: new ssh exploit? Justin Kreger (Sep 15)
- Re: new ssh exploit? Ron DuFresne (Sep 16)
- Re: new ssh exploit? Jonathan A. Zdziarski (Sep 16)
- Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
- Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
- Re: new ssh exploit? Adam Shostack (Sep 15)
- Re: new ssh exploit? Bennett Todd (Sep 16)
- Re: new ssh exploit? Ron DuFresne (Sep 16)
- Re: new ssh exploit? Bennett Todd (Sep 16)
- Re: new ssh exploit? Blue Boar (Sep 16)
- Re: new ssh exploit? Bennett Todd (Sep 17)
- Re: new ssh exploit? Bennett Todd (Sep 18)
- Re: new ssh exploit? Damian Gerow (Sep 18)
- Re: new ssh exploit? Bennett Todd (Sep 18)
- Re: new ssh exploit? Damian Gerow (Sep 18)