On Thu, 2001-11-29 at 22:05, Andrei Bozeanu wrote: > > my fault... ssh_xmalloc() era din alta distributie... in schimb > 3.0.1p1 are probleme la sftp. vreti detalii?! ok... > sftp nu logeaza in utmp cum ar face orice ftp decent,ashadar un "skript > kiddiot" care a sniffat o parola de pop3 poate avea access deplin la > sistem fara ca adminul respectiv sa il vada , plus ca sftp nu ruleaza ca > chroot (http://archives.neohapsis.com/archives/sf/linux/2001-q4/0260.html).
Bine, dar asta nu inseamna ca "openssh-3.0.1 este vulnerabil", asa cum in mod voit "spectaculos" ai anuntat intr-un mesaj precedent, ci doar ca sftp nu scrie niciunde ca cineva s-a logat. Daca am snifuit o parola de pop3 sau ftp, deja inseamna ca situatia e nasoala. Si, oricum, asta nu inseamna decit ca nu sint vulnerabile decit acele masini care au conturi publice si ruleaza protocoale cu autentificare ne-criptata. Destul de departe de "openssh-3.0.1 este si el vulnerabil". -- Florin Andrei "'Fewer fundamental changes' is a mark of a system that isn't evolving as quickly, and that is reaching middle age. We are probably not quite there yet" - Linus Torvalds --- Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to unsubscribe from this list.
