Here's the CVE: *CVE-2015-5600* http://seclists.org/oss-sec/2015/q3/173
z/OS OpenSSH doesn't support keyboard-interative authentication, so this particular brute force attack on passwords would not apply anyway. I'll also point out a couple of things: 1) All popular security software has defects and vulnerabilities. OpenSSH (which does NOT use SSL/TLS) is generally much better than alternatives like OpenSSL or other popular SSL/TLS implementations. (e.g. "Heartbleed", "Poodle", "FREAK", etc) 2) IBM monitors CVEs against OpenSSH and releases PTFs to address them Kirk Wolf Dovetailed Technologies http://dovetail.com On Mon, Dec 28, 2015 at 2:42 PM, Hansen, Dave L - Eagan, MN < [email protected]> wrote: > > http://arstechnica.com/security/2015/07/bug-in-widely-used-openssh-opens-servers-to-password-cracking/ > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Kirk Wolf > Sent: Monday, December 28, 2015 1:10 PM > To: [email protected] > Subject: Re: rsync anyone? > > > > > ... However, OpenSSH has had security issues IIRC. ... > > > What security issues are those? > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
