Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

From: Jaime BENJUMEA (benjumeaat_private)
Date: Sat Jul 21 2001 - 09:26:48 PDT

Next message: Nate Eldredge: "Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"

Previous message: thomas.roweat_private: "Re: Internet Explorer file:// URL issues"
In reply to: Stephanie Thomas: "URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Next in thread: Jonathan A. Zdziarski: "RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Next in thread: Roman Drahtmueller: "Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Reply: Jonathan A. Zdziarski: "RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stephanie Thomas wrote:

> 
> A potential remote root exploit has been discovered 
> in SSH Secure Shell 3.0.0, for Unix only, concerning 
> accounts with password fields consisting of two or 
> fewer characters. Unauthorized users could potentially 
> log in to these accounts using any password, including 
> an empty password.  This affects SSH Secure Shell 3.0.0
> for Unix only.  This is a problem with password 

Does anybody know if previous versions (2.4) are also affected?

Next message: Nate Eldredge: "Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Previous message: thomas.roweat_private: "Re: Internet Explorer file:// URL issues"
In reply to: Stephanie Thomas: "URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Next in thread: Jonathan A. Zdziarski: "RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Next in thread: Roman Drahtmueller: "Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Reply: Jonathan A. Zdziarski: "RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 09:55:44 PDT