Note that Potato users actually BECAME vulnerable by installing this
"security fix".
On Thu, 27 Jun 2002, Florian Weimer wrote:
>Paul Baker <[EMAIL PROTECTED]> writes:
>
>> So as it turns out, AFAIK, none of the versions of OpenSSH in Debian
>> were actually vulnerable to the exploit found by I
Paul Baker <[EMAIL PROTECTED]> writes:
> So as it turns out, AFAIK, none of the versions of OpenSSH in Debian
> were actually vulnerable to the exploit found by ISS and reported in
> DSA-134
The 3.3p1 packages are vulnerable in some configurations. :-(
--
Florian Weimer[EMAI
On Wednesday, June 26, 2002, at 03:50 PM, Richard wrote:
Even worse, on 2.0.x kernels "PrivilegeSeparation" doesn't work,
rendinging sshd useless for interactive sessions or make it vurneble is
you disable it.
All debian versions of ssh packages are not vulnerable, AFAIK. I'm
hoping the secu
On Wed, 26 Jun 2002, Paul Baker wrote:
> I'm curious what recourse Debian is planning to take now? Perhaps
> removing the buggy OpenSSH 3.3 packages off of security.debian.org so
> people don't upgrade to it since it's not at all necessary and it will
> only cause problems like screwing up com
On Wed, Jun 26, 2002 at 02:35:21PM -0500, Paul Baker wrote:
>
> I'm curious what recourse Debian is planning to take now? Perhaps
> removing the buggy OpenSSH 3.3 packages off of security.debian.org so
> people don't upgrade to it since it's not at all necessary and it will
> only cause problem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
So as it turns out, AFAIK, none of the versions of OpenSSH in Debian
were actually vulnerable to the exploit found by ISS and reported in
DSA-134
Potato wasn't vulnerable because it is SSH1 only, and the problem lies
in the ChallengeResponseAuthe
6 matches
Mail list logo
