[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] SSH Exploit?

Subject: Re: [cobalt-users] SSH Exploit?
From: Jens Kristian Søgaard <jens@xxxxxxxxxxxxxxxxxxxx>
Date: Fri Feb 9 09:17:17 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hi,

> I saw something about sshd on bugtraq.  Should we be alarmed?  Is cobalt
> going to come out with another pkg for us to update sshd?

Cobalt does not deliver SSH with any of their products (afaik). The nearest
thing you can come to that, is the OpenSSH PKGs on the NL Cobalt site.
OpenSSH and SSH is two very different things - and thus a bug in one doesn't
necessarily mean a bug in the other.

The bug only applies to those who has installed the "old", original SSH v1 -
and still did not update to the last version (it's only <= v. 1.2.30 that is
affected).

The bug is, that failed login attempts after the fourth try is not logged.

Not a huge bug.

(but it ofcourse makes it a bit easier for a brute force cracker to go
unnoticed)

--
Jens Kristian Søgaard, Mermaid Consulting I/S,
jens@xxxxxxxxxxxxxxxxxxxx,
http://www.mermaidconsulting.com/

References:
- [cobalt-users] SSH Exploit?
  - From: Weihan Leow

Prev by Date: RE: [cobalt-users] Slow/Unresponsive FTP.
Next by Date: Re: [cobalt-users] Is it possible to restore using the gui?
Previous by thread: [cobalt-users] SSH Exploit?
Next by thread: Re: [cobalt-users] SSH Exploit?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index