it should be noted that ssh and sshd make use of insecure functions as mentioned below. [root@squig ~/work/ssh/ssh-1.2.25] nm sshd | egrep 'getnetname|getsecretkey' [428] | 372268| 0|FUNC |GLOB |0 |UNDEF |getnetname [527] | 372280| 0|FUNC |GLOB |0 |UNDEF |getsecretkey [root@squig ~/work/ssh/ssh-1.2.25] nm ssh | grep getnetname [416] | 356736| 0|FUNC |GLOB |0 |UNDEF |getnetname George Clooney wrote: > Functions we have found vulnerable: > > Vulnerable key functions > --------------------------------------------------- > getsecretkey () : Calls getkeys_nis () > > > Vulnerable RPC functions > ---------------------------------------------------- > getnetname () : Calls host2netname () -- nicholas harteau nrhat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:01:41 PDT