Raj Mathur wrote:
[Yeah, PuTTY doesn't run under Linux, but then all the people I know who use PuTTY use it to connect to Linux boxen anyway :) So for all you underprivileged types who have to run Winduhs for some reason even though your heart lies in the great open spaces of kernel source, please upgrade PuTTY -- Raju]
This is an RFC 1153 digest. (1 message) ----------------------------------------------------------------------
Message-ID: <[EMAIL PROTECTED]> From: Anatole Shaw <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: PuTTY SSH client vulnerability Date: Tue, 26 Oct 2004 23:02:22 -0400
From http://www.chiark.greenend.org.uk/~sgtatham/putty/
======================================================================
2004-10-26 ANOTHER SECURITY HOLE, fixed in PuTTY 0.56
PuTTY 0.56, released today, fixes a serious security hole which can
allow a server to execute code of its choice on a PuTTY client
connecting to it. In SSH2, the attack can be performed before host key
verification, meaning that even if you trust the server you think you
are connecting to, a different machine could be impersonating it and
could launch the attack before you could tell the difference. We
recommend everybody upgrade to 0.56 as soon as possible.
Heh.. If my server executes some code on my client, I would consider it as a feature especially if client is windows..:-)
Shridhar
------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
