On Wed, 5 Dec 2001 07:11:57 +0100 Przemyslaw Frasunek <venglinat_private> wrote: > On Wednesday 05 December 2001 03:51, Russell Fulton wrote: > > package with SSH-1.5-OpenSSH-1.2.3 in not vulnerable: > > bluebottle:~ >ssh -l`perl -e '{print "A"x90000}'` 130.216.yyy.xxx > > Word too long. > > No, it doesn't mean you're not vulnerable. Some shells (csh, tcsh) limits > argument length and prints 'Word too long'. Oops! Thanks of pointing that out! hmmm... how about: bluebottle:~ >sh $ ssh -l`perl -e '{print "A"x90000}'`130.216.1.228 Usage: ssh [options] host [command] Options: -l user Log in using this user name. -n Redirect input from /dev/null. -A Enable authentication agent forwarding. -a Disable authentication agent forwarding. Now we now get a usage error from the local ssh client. Which ssh client were you using Michal? Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Dec 05 2001 - 13:18:11 PST