[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] deactivating Telnet server

SSH 1.2.26 had soem exploits (3 i believe) and then 1.2.27 had a rasef lib
vuln and stuff, I'm still waiting for SSH to get good.

			Adam

Which is worse:  Ignorance or Apathy?
Who Knows?  Who cares?
_____________________________________________________________
|Adam Williams                  adam@xxxxxxxxxx             |
|Network Administrator          Vicksburg Chemical Company  |
-------------------------------------------------------------

On Thu, 15 Jun 2000, Steven Werby wrote:

> Adam Williams <adam@xxxxxxxxxxxxxx> wrote:
> > Err, make that the SSH daemon, I have poor typing habits :)
> 
> I would have known what you meant.  Interesting - the email you are referring to
> hasn't arrived yet.
> 
> > > Yeah I'd use SSH if the SSD daemon didn't have so many buffer overflow
> > > problems.  Look at www.lwn.net security section, yet another exploit was
> > > found in openSSH.  Come on guys...
> 
> I wasn't aware of the buffer overflow problem when I installed SSH many moons ago,
> but I'm going to continue to use it.
> 
> >From http://www.lwn.net/2000/0615/security.php3: "A new release of OpenSSH has been
> announced. This new version, 2.1.1, contains a security fix for a vulnerability in
> OpenSSH that may exist if the UseLogin feature is enabled (not enabled by default)."
> 
> Notice that it says the vulnerablity is for a feature that is not enabled by default.
> I'm not worried about that at all.  There very well could be other exploits of SSH,
> but I'm still sticking with it.  I'll risk a few exploits over the alternative of
> sending my passwords clear text.  To each his/her own.
> 
> Steven Werby {steven-lists@xxxxxxxxxxxx}
> 
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>