On Tue, 25 Jun 2002, wirepair wrote: > http://www.securiteam.com/securitynews/5HP0L1F7FA.html Has anyone > recieved any more information on this? If so what exactly is the issue? > This is the part that scares me: deadly.org has links to the appropriate info, including the ISS advisory. the quick summary is that it is the challenge-response negotiation in the ssh2 code. 3.4 has been announced and the fix has been put in. the openbsd.org web page has been updated, too, to reflect the existence of one remote hole in the default install in nearly 6 years. ___________________________ jose nazario, ph.d. joseat_private http://www.monkey.org/~jose/
This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 21:20:20 PDT