I have not verified this problem, but the advisory looks quite decent.

---------- Forwarded message ----------
Date: Fri, 9 Feb 2001 13:07:08 -0800 (PST)
From: David A. Gatwood <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: SSH security vulnerability

I don't usually announce security vulnerabilities, but this one hits close
to home.  There's a broad, sweeping security hole in basically every
version of ssh, both commercial and non-commercial, including OpenSSH.
This is fixed in OpenSSH 2.3.0.  You are strongly urged to upgrade your
systems.

Note that there is NO CERT ADVISORY for this yet, as the vulnerability was
only discovered yesterday.  I've included the pertinent information below.


The MkLinux Team


-dg
---------------------------------------------------------------------

On Fri, 9 Feb 2001, Nick Matsakis wrote:

> To: [EMAIL PROTECTED]
> 
> A security hole has recently been exposed in SSHD that may affect users of
> the public beta.  Unfortunately, I don't know much about what version of
> SSHD the public beta comes with, or where one might find an updated
> version (Darwin resources would be able to help no doubt) but I thought I
> would send out this link anyway, so that those who should know about it can
> do the requisite research.
> 
>   http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
_______________________________________________
mklinux-announce mailing list
[EMAIL PROTECTED]
http://www.lists.apple.com/mailman/listinfo/mklinux-announce

