Ok Ok Which is it people? You have 3 security organizations saying "The IBM analysis shows however that either the Linux operating system or GCC compiler may have a problem which manifests itself as a bug in Secure Shell. In any case, this is not a bug in Secure Shell itself. The results with Linux are also preliminary as IBM was not able to do the exploit with clean builds of Linux either. " At the same time saying there aren't exploitable vulnerabilities with SSHD, if there is a problem as described above that "manifests" itself in Secure Shell then it IS a problem with Secure Shell, no matter how indirect. I understand the authors of Secure Shell want to save face by not admitting there is a potential problem and I understand rootshell's embarrassment of being hacked. *BUT* We all need an answer to this question: "Is it possible to gain unauthorized root access to a machine using SSH?" I'm tired of "patch kits" being released to software that the author says isn't vulnerable and all these IBM-Cert-Whatever memo's going around if there is no problem. Stop with the run around people, just give everyone a straight answer. (This is not a rant to bugtraq or anyone specifically, just in general about the entire issue) Thanks! -----Original Message----- From: morex .- <morexat_private> To: BUGTRAQat_private <BUGTRAQat_private> Date: Tuesday, November 03, 1998 4:17 PM Subject: SSH Communications page on rootshell.com >Hello , > >For the paranoid people out there that think sshd is insecure you guys >might want to check out >http://www.ssh.fi/sshprotocols2/rootshell.html > >Happy halloween > >later >morex .- >morexat_private >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:21:47 PDT