[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] SSH Exploit?

Subject: Re: [cobalt-users] SSH Exploit?
From: Peter Batenburg <peter@xxxxxxxxxx>
Date: Fri Feb 9 13:16:02 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hello,

Thats not true. Cobalt rpms from pkg.nl.cobalt.com install openssh 2.1.1:
$ ssh -v
SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.

Thats different than ssh1:
OpenSSH
OpenSSH versions prior to 2.3.0 are vulnerable.
OpenSSH versions 2.3.0 and above are not vulnerable, source changes in
deattack.c that fix this problem were incorporated into the source tree on
October 31st, 2000.

so update:ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-2.3.0p1.tar.gz




At 08:31 9-2-2001 -0800, you wrote:

The vulnerability was found to only effect version 1.2.30 , cobalt
has version 2.1.1 of the pkg download site.

Mike
----- Original Message -----
From: "Weihan Leow" <wleow@xxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, February 09, 2001 7:42 AM
Subject: [cobalt-users] SSH Exploit?


> I saw something about sshd on bugtraq.  Should we be alarmed?  Is cobalt
> going to come out with another pkg for us to update sshd?
>
> http://www.securityfocus.com/vdb/bottom.html?vid=2345
>
> -Weihan

References:
- [cobalt-users] SSH Exploit?
  - From: Weihan Leow
- Re: [cobalt-users] SSH Exploit?
  - From: Mike Fritsch

Prev by Date: Re: [cobalt-users] Bind Hack
Next by Date: Re: [cobalt-users] popper problems HELP!
Previous by thread: Re: [cobalt-users] SSH Exploit?
Next by thread: Re: [cobalt-users] SSH Exploit?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index