OpenSSH (version < 3.4p1) && linux

From: chris (chris@secure-packets.com)
Date: Sun Jul 14 2002 - 07:49:51 PDT

Next message: Erwin van der Zwan: "Re: Scanning for blank admin passwords on a windows box"

Previous message: Jason binger: "Re: MS99-027 - New IIS problem?"
Next in thread: Benninghoff, John: "RE: OpenSSH (version < 3.4p1) && linux"
Reply: Benninghoff, John: "RE: OpenSSH (version < 3.4p1) && linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It seems there is much debate on whether linux based hosts are
vulnerable to the recent remote root exploit for OpenSSH.  I have seen
advisories for FreeBSD/NetBSD/OpenBSD but the two systems that I have
most encountered in my tests are Linux and Solaris, though I can't find
a proof of concept exploit for these systems.  Any information would be
greatly appreciated.  

Thanx,
::chris




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Erwin van der Zwan: "Re: Scanning for blank admin passwords on a windows box"
Previous message: Jason binger: "Re: MS99-027 - New IIS problem?"
Next in thread: Benninghoff, John: "RE: OpenSSH (version < 3.4p1) && linux"
Reply: Benninghoff, John: "RE: OpenSSH (version < 3.4p1) && linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 15 2002 - 08:57:21 PDT