the openssh exploit
Does anyone know if the openssh exploit that 3.3 is supposed to not fix,
but do damage control for, is it still exploitable if you have set your
/etc/hosts.deny to deny all hosts, and then /etc/hosts.allow to only
allow from trusted ips.
In other words, if a malicious ssh request comes from an ip that is
already denied via tcp_wrapper support in ssh, will it still be able to
exploit OpenSSH < 3.3?
I'm not on the list, so cc me please.
--
Paul Baker
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, 1759
GPG Key: http://homepage.mac.com/pauljbaker/public.asc
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: