Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]

From: Mike Iglesias (iglesiasat_private)
Date: Tue Sep 28 1999 - 14:24:05 PDT

Next message: Roy Hills: "NT Predictable Initial TCP Sequence numbers: SP5 update"

Previous message: Team Asylum: "Team Asylum: iHTML Merchant Vulnerabilities"
Maybe in reply to: Marc SPARC: "[Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"
Next in thread: Alan Cox: "Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> A trivial demo program that demonstrates the problem is attached.  (It
> needs no special privileges; run it as an unprivileged user in any
> writable directory.)  The program reports "okay" under Solaris 2.5.1 and
> IRIX 6.5.2, "vulnerable" under RedHat 6.

According to your program, Digital Unix 4.0B, 4.0D, and Tru64 Unix 4.0F
are all vulnerable.


Mike Iglesias                        Internet:    iglesiasat_private
University of California, Irvine     phone:       949-824-6926
Office of Academic Computing         FAX:         949-824-2069

Next message: Roy Hills: "NT Predictable Initial TCP Sequence numbers: SP5 update"
Previous message: Team Asylum: "Team Asylum: iHTML Merchant Vulnerabilities"
Maybe in reply to: Marc SPARC: "[Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"
Next in thread: Alan Cox: "Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:44 PDT