The machine was hacked via a trusted host setup that the people at rootshell
had going. There is no security problem with 1.2.26 that the people at
rootshell or anywhere else is aware of. Just goes to prove that no matter how
security concious you want to be, some moron is too lazy to type his password.
Don't ask me how I know this ... but I will say it wasn't ME that hacked the
machine.
Aaron
Peter Frouman <[EMAIL PROTECTED]> wrote:
> I hope this is not off-topic but since many on this list are probably
> running sshd, thought you might want to know about this report. Although
> the reported vulnerability is apparently fixed in 2.x there still seems to
> be some disagreement between the ssh folks and rootshell.com as to whether
> the vulnerability actually exists. However, IBM-ERS has also released a
> bulletin and patch info. Anyways, here it is. Normally, I would just
> include a link to the info but it does not seem to be on the rootshell
> archive or www.ers.ibm.com yet.
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
