"Stephanie Thomas" <customer.serviceat_private> writes: > A potential remote root exploit has been discovered > in SSH Secure Shell 3.0.0, for Unix only, concerning > accounts with password fields consisting of two or > fewer characters. A quick glance at the source code suggests that SSH 2.3.0 and 2.4.0 have the same problem. Is this true? > Use the following patch in the source code: It is not quite clear whether the license agreement permits modification of the source code. -- Florian Weimer Florian.Weimerat_private-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 08:14:17 PDT