sshd gives out version number

From: Tom Dyas (tdyasat_private)
Date: Thu Jul 09 1998 - 15:19:42 PDT

Next message: Scott Stubbs: "Re: Sun libnsl lameness"

Previous message: David Schwartz: "Re: ncurses 4.1 security bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is not a vulnerability per se but the ssh daemon in its initial
header when a client connects gives out its version number besides the
protocol version number. Obviously, the protocol version number is needed
but the daemon version number would seem to give away information about
potential vulnerabilties in the ssh daemon which someone could then try
and exploit. A coworker pointed out this behavior to me.

Tom

Next message: Scott Stubbs: "Re: Sun libnsl lameness"
Previous message: David Schwartz: "Re: ncurses 4.1 security bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:50 PDT