On Wednesday, September 17, 2003, at 01:58 AM, T. Ribbrock wrote:
On Tue, Sep 16, 2003 at 10:05:18PM -0500, Avi Schwartz wrote:When it comes to SSH, I am always nervous. In the past, the admin at the time, failed to update SSH and it was used to break into 3 of our machines. So, yeah, I am nervous :-)[...]Today, Mandrake has issued a security update to ssh (BTW, if you did not update it yet, you better do it soon, before the exploit starts circulating).
Well, while updating is definitely recommended, at least there seems to be no reason to panic yet. Quote from the OpenSSH advisory:
"All versions of OpenSSH's sshd prior to 3.7.1 contain buffer
management errors. It is uncertain whether these errors are
potentially exploitable, however, we prefer to see bugs fixed proactively."
Nonetheless, I just *love* the approach of the OpenSSH team. Would be great if everybody did it that way.
Avi
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
