-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jan Ciger wrote: > Han Boetes wrote: > | Always fun in the #openbsd channel. Always some people who want to make > | it seems like the end of the world and the next worldwar. > > Ehm, there are reports that it lead to root compromise already, so I > would execute extreme caution about this one. Considering that SSH is on > almost every Unix system, this may be a major issue.
And if this isn't the vulnerability mentioned in the original thread on full-disclosure, what is (considering IIRC those reports were before the news of the patch was out)?? Vince is working on packages, I am running my own on my 9.0 and 9.1 boxes: http://ranger.dnsalias.com/mandrake/9.1/ http://ranger.dnsalias.com/mandrake/9.0/ > > | > | The text is very clear though: > | > | > | All versions of OpenSSH's sshd prior to 3.7 contain a buffer > | management error. It is uncertain whether this error is > | potentially exploitable, however, we prefer to see bugs > | fixed proactively. > > This just means, that they do not know about the exploit yet :-( Not > that your machine cannot be compromised. Considering that Theo was apparently showing some serious concern over some Cisco and HP? routers running openssh ... I would patch ASAP. Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/Z3JErJK6UGDSBKcRAtAiAJ4uMTL2AYAGOP8dwGD64CEVcYM3SQCgyuN/ 9e4hSjhSI+7hg0GJ8srvNmk= =fN0D -----END PGP SIGNATURE----- ***************************************************************** Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer or send an e-mail to [EMAIL PROTECTED] for a copy. *****************************************************************
