Does anyone know if the openssh exploit that 3.3 is supposed to not fix,
but do damage control for, is it still exploitable if you have set your
/etc/hosts.deny to deny all hosts, and then /etc/hosts.allow to only
allow from trusted ips.
In other words, if a malicious ssh request comes from an ip that is
already denied via tcp_wrapper support in ssh, will it still be able to
exploit OpenSSH < 3.3?
I'm not on the list, so cc me please.
--
Paul Baker
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, 1759
GPG Key: http://homepage.mac.com/pauljbaker/public.asc
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
