The nest in the thread from bugtraq ~Chris -----Forwarded Message-----
> From: Global InterSec Research <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS > Date: 06 Jan 2003 20:05:32 +0000 > > > As some may have gathered, the advisory recently posted by [EMAIL PROTECTED] > was indeed a fake, intended to highlight several unclear statements made in >GIS2002062801. > > The advisory in question is currently being updated with more detailed information >and will be > re-posted at: http://www.globalintersec.com/adv/openssh-2002062801.txt as soon as it >becomes > available. > > Note that the kbd-init flaw described in GIS2002062801 was proven to be exploitable >in our lab > although not all evidence to demonstrate this was provided in the original advisory. >A mistake > was made in the original advisory draft, where chunk content data was shown, rather >than the > entire corrupted malloc chunk. This will be amended in the revision. > > Also note that to our knowledge there are currently no known, exploitable flaws in >OpenSSH 3.5p1, > due to its use of PAM as suggested by [EMAIL PROTECTED] It is almost certain that >the posted > bogus advisory was also intended to cause alarm amongst communities using OpenSSH, >through > miss-information. > > > Global InterSec LLC. > >
signature.asc
Description: This is a digitally signed message part
