SSH exploit (Was: Re: [cobalt-users] Another Exploit?!? (different than before)...)
- Subject: SSH exploit (Was: Re: [cobalt-users] Another Exploit?!? (different than before)...)
- From: Nico Meijer <nico.meijer@xxxxxxxxx>
- Date: Wed Dec 12 09:11:16 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi Kevin,
>What version of ssh do you have? SSH 3.0 from SSH.com has a known root
>exploit vulnerability.
Do you mean *this* exploit?
http://www.kb.cert.org/vuls/id/157447
If so, please be more specific/cautious when you issue a bold statement like
you did above.
It only is a root exploit when UseLogin is enabled. Most distros do not use
this feature by default.
(Explanation on my reaction: I get scared to death every time I read about
this exploit. Almost nobody says it needs UseLogin enabled; it's nothing
personal I have with you; I use 2.9.9p2 without UseLogin and haven't
received an update from my well trusted distro developer).
Apart from that you had very valid points. Thanks.
Buhbye... Nico
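
A check for the UseLogin condition discussed in the message above, as an added example that is not part of the original post or of any Cobalt or OpenSSH tooling. The function name `uselogin_state` and the config path in the usage comment are assumptions, as are the parsing rules, which follow OpenSSH's `sshd_config` conventions: case-insensitive keywords, `#` comment lines, the first value found wins, and a default of `no`.

```shell
#!/bin/sh
# Added example: print the effective UseLogin value from an sshd_config file.
# Usage (path is an assumption, adjust for your system):
#   uselogin_state /etc/ssh/sshd_config

uselogin_state() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "unreadable"
        return 2
    fi
    awk '
        /^[ \t]*#/ { next }                       # whole-line comments
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        $0 == "" { next }
        {
            # keyword ends at the first whitespace or "="
            n = match($0, /[ \t=]/)
            if (n == 0) next
            key = tolower(substr($0, 1, n - 1))   # keywords are case-insensitive
            if (key != "uselogin") next
            val = substr($0, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)       # drop the separator
            gsub(/"/, "", val)                    # drop optional quoting
            split(val, parts, /[ \t]+/)           # keep the first token only
            print parts[1]
            found = 1
            exit                                  # first occurrence wins
        }
        END { if (!found) print "no" }            # keyword absent: default
    ' "$conf"
}
```

A result of `yes` means the precondition named in the message is present on that host; a commented-out `#UseLogin yes` line does not count.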