Both 2.3.0 and 2.4.0 don't appear to be vulnerable on my system (Intel Solaris 8). 3.0.0 *was* vulnerable, however, and I was able to easily exploit the system.

-----Original Message-----
From: Jaime BENJUMEA [mailto:benjumeaat_private]
Sent: Saturday, July 21, 2001 12:27 PM
To: Stephanie Thomas
Cc: bugtraqat_private
Subject: Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

Stephanie Thomas wrote:
>
> A potential remote root exploit has been discovered
> in SSH Secure Shell 3.0.0, for Unix only, concerning
> accounts with password fields consisting of two or
> fewer characters. Unauthorized users could potentially
> log in to these accounts using any password, including
> an empty password. This affects SSH Secure Shell 3.0.0
> for Unix only. This is a problem with password

Does anybody know if previous versions (2.4) are also affected?
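
Added example, not part of the original thread or of any vendor tooling: a shell audit that lists the accounts matching the condition in the quoted advisory (password field of two or fewer characters) so an administrator can see which ones are exposed on a host running 3.0.0. The function name audit_short_pw, the treatment of "x" in the passwd file as a shadow placeholder, and all sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag accounts whose password field is two or fewer
# characters, the condition named in the advisory.

# audit_short_pw PASSWD_FILE [SHADOW_FILE]
# Prints "account<TAB>length<TAB>empty|short" for each flagged account.
audit_short_pw() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ || NF < 2 { next }   # comments, blanks, malformed
        src == "shadow" { shadow[$1] = $2; next }     # first pass: remember shadow fields
        {
            field = $2
            if (field == "x") {                       # assumed placeholder: real field is in shadow
                if (!($1 in shadow)) next             # no shadow entry, nothing to evaluate
                field = shadow[$1]
            }
            n = length(field)
            if (n <= 2) printf "%s\t%d\t%s\n", $1, n, (n == 0 ? "empty" : "short")
        }
    ' src=shadow "${2:-/dev/null}" src=passwd "$1"
}

# Constructed sample data (no real accounts or hashes).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
alice:x:100:10::/home/alice:/bin/sh
guest::101:10::/home/guest:/bin/sh
legacy:ab:102:10::/home/legacy:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:CONSTRUCTEDHASH:11500::::::
daemon:NP:6445::::::
alice:*LK*:11500::::::
EOF
    audit_short_pw "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo
```

On a live host this would be run as root as audit_short_pw /etc/passwd /etc/shadow; any account it lists should be reviewed before sshd 3.0.0 is left reachable.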
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 12:37:50 PDT