In article <FNEKKFMHLBAMAHPEHBLMCEAGCAAA.customer.serviceat_private> you wrote: > Dear Secure Shell Community, > A potential remote root exploit has been discovered > in SSH Secure Shell 3.0.0, for Unix only, concerning > accounts with password fields consisting of two or > fewer characters. Unauthorized users could potentially > log in to these accounts using any password, including > an empty password. This affects SSH Secure Shell 3.0.0 > for Unix only. This is a problem with password > authentication to the sshd2 daemon. The SSH Secure > Shell client binaries (located by default in > /usr/local/bin) are not affected. > SSH Secure Shell 3.0.1 fixes this problem. > ... > ... Vulnerable ... > ... > Caldera Linux 2.4 Caldera is not shipping the commercial version of SSH in its Linux distribtuins and so is NOT vulnerable except in cases where the administrator installed the commercial version of SSH. We are instead providing OpenSSH version 2.9p2 for all supported platforms, which is not affected by above flaw. Ciao, Marcus -- _____ ___ / __/____/ / Caldera (Deutschland) GmbH / /_/ __ / /__ Naegelsbachstr. 49c, 91052 Erlangen /_____//_/ /____/ Dipl. Inf. Marcus Meissner, email: mmat_private ==== /_____/ ====== phone: ++49 9131 7912-300, fax: ++49 9131 7192-399 Caldera OpenLinux
This archive was generated by hypermail 2b30 : Sat Jul 21 2001 - 21:26:24 PDT