Possible new openssh vulnerability
dagmar.wants at nospam.com
Tue Sep 16 11:31:45 PDT 2003
On Tue, 2003-09-16 at 12:32, Ken Moffat wrote:
> openssh-3.7p1 is out, and wadda you know, /. has rumours of an exploit
> to previous versions in the wild. A quick look at the changelog doesn't
> show anything obvious. According to lwn, there are rumours of exploits,
> but no known exploit. The /. link on the exploit is of course suffering
> from being /.'ed.
> Summary: unclear if the problem is real, or affects other than open
Considering that I was looking at a RedHat 9 machine that had been
compromised a few days ago and actually not being able to figure out
what was compromised to get in, it may well be more than OpenBSD is
vulnerable and Theo is just getting even for the way his Chicken Little
act was recieved the last time.
The email address above is phony because the people making archives of list
traffic publicly available on the web aren't taking measures to protect the
email addresses from filthy spammers.
AIM: evilDagmar Jabber: evilDagmar at jabber.org
More information about the lfs-security