I have not verified this problem, but the advisory looks quite decent. ---------- Forwarded message ---------- Date: Fri, 9 Feb 2001 13:07:08 -0800 (PST) From: David A. Gatwood <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: SSH security vulnerability
I don't usually announce security vulnerabilities, but this one hits close to home. There's a broad, sweeping security hole in basically every version of ssh, both commercial and non-commercial, including OpenSSH. This is fixed in OpenSSH 2.3.0. You are strongly urged to upgrade your systems. Note that there is NO CERT ADVISORY for this yet, as the vulnerability was only discovered yesterday. I've included the pertinent information below. The MkLinux Team -dg --------------------------------------------------------------------- On Fri, 9 Feb 2001, Nick Matsakis wrote: > To: [EMAIL PROTECTED] > > A security hole has recently been exposed in SSHD that may affect users of > the public beta. Unfortunately, I don't know much about what version of > SSHD the public beta comes with, or where one might find an updated > version (Darwin resources would be able to help no doubt) but I thought I > would send out this link anyway, so that those who should no about it can > do the requisite research. > > http://razor.bindview.com/publish/advisories/adv_ssh1crc.html _______________________________________________ mklinux-announce mailing list [EMAIL PROTECTED] http://www.lists.apple.com/mailman/listinfo/mklinux-announce
