Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

From: Brandon S. Allbery KF8NH (allberyat_private)
Date: Fri Jul 20 2001 - 20:08:33 PDT

Next message: Daniel Wittenberg: "permission probs with Arkeia"

Previous message: MALIN, ALEX (PB): "RE: Firewall-1 Information leak"
In reply to: Dan Kaminsky: "Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Next in thread: Michal Zalewski: "Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Friday, July 20, 2001 19:11:02 -0700, Dan Kaminsky <dankaminat_private> 
wrote:
+-----
| The big issue here, of course, is not that sshd incorrectly checks the
| cryptographic hash of an inadequately sized password but that it checks it
| at all.  NP, as far as I know, specifically stands for No Password
| (acceptable, *not* needed), and !! I believe has the same meaning for
| Linux(! for "no").  SSHD has traditionally when possible directly tested
+--->8

Is it me, or is this the *same* bug that was found in the 1.2.x code some 
time back?


-- 
brandon s. allbery  [os/2][linux][solaris][freebsd]   allberyat_private
system administrator   [JAPH][WAY too many hats]        allberyat_private
electrical and computer engineering                                   KF8NH
carnegie mellon university     [linux: proof of the million monkeys theory]

Next message: Daniel Wittenberg: "permission probs with Arkeia"
Previous message: MALIN, ALEX (PB): "RE: Firewall-1 Information leak"
In reply to: Dan Kaminsky: "Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Next in thread: Michal Zalewski: "Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 11:59:29 PDT