Re: OpenSSH Vulns (new?) Priv seperation

From: Jose Nazario (joseat_private)
Date: Wed Jun 26 2002 - 09:47:26 PDT

Next message: Anibal Ambertin: "Re: Java and buffer overflows"

Previous message: cyberiadat_private: "Re: Windows .lnk Files"
In reply to: wirepair: "OpenSSH Vulns (new?) Priv seperation"
Next in thread: Michael Greenberg: "Re: OpenSSH Vulns (new?) Priv seperation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 25 Jun 2002, wirepair wrote:

> http://www.securiteam.com/securitynews/5HP0L1F7FA.html Has anyone
> recieved any more information on this? If so what exactly is the issue?
> This is the part that scares me:

deadly.org has links to the appropriate info, including the ISS advisory.
the quick summary is that it is the challenge-response negotiation in the
ssh2 code.

3.4 has been announced and the fix has been put in. the openbsd.org web
page has been updated, too, to reflect the existence of one remote hole in
the default install in nearly 6 years.

___________________________
jose nazario, ph.d.			joseat_private
					http://www.monkey.org/~jose/

Next message: Anibal Ambertin: "Re: Java and buffer overflows"
Previous message: cyberiadat_private: "Re: Windows .lnk Files"
In reply to: wirepair: "OpenSSH Vulns (new?) Priv seperation"
Next in thread: Michael Greenberg: "Re: OpenSSH Vulns (new?) Priv seperation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 21:20:20 PDT