The nest in the thread from bugtraq ~Chris -----Forwarded Message-----
> From: Global InterSec Research <[EMAIL PROTECTED]> > To: [email protected] > Subject: Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS > Date: 06 Jan 2003 20:05:32 +0000 > > > As some may have gathered, the advisory recently posted by [EMAIL PROTECTED] > was indeed a fake, intended to highlight several unclear statements made in > GIS2002062801. > > The advisory in question is currently being updated with more detailed > information and will be > re-posted at: http://www.globalintersec.com/adv/openssh-2002062801.txt as > soon as it becomes > available. > > Note that the kbd-init flaw described in GIS2002062801 was proven to be > exploitable in our lab > although not all evidence to demonstrate this was provided in the original > advisory. A mistake > was made in the original advisory draft, where chunk content data was shown, > rather than the > entire corrupted malloc chunk. This will be amended in the revision. > > Also note that to our knowledge there are currently no known, exploitable > flaws in OpenSSH 3.5p1, > due to its use of PAM as suggested by [EMAIL PROTECTED] It is almost certain > that the posted > bogus advisory was also intended to cause alarm amongst communities using > OpenSSH, through > miss-information. > > > Global InterSec LLC. > >
signature.asc
Description: This is a digitally signed message part
