This is not a vulnerability per se but the ssh daemon in its initial header when a client connects gives out its version number besides the protocol version number. Obviously, the protocol version number is needed but the daemon version number would seem to give away information about potential vulnerabilties in the ssh daemon which someone could then try and exploit. A coworker pointed out this behavior to me. Tom
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:50 PDT