On Sat, Jan 26, 2002 at 05:01:14AM +0000, Lazarus Long wrote:

> severity 130876 grave

> This is definitely a security risk. There is no reason that such
> information should be exposed to attackers. Just because FreeBSD has

That doesn't mean it's a severity grave bug, though. There's no actual
vulnerability created by advertising the Debian revision SSH version
(particularly since exploits are quite likely to be against the upstream
version which SSH always advertises and you don't seem to be complaining
about).

> Post your root password and IP address if you think obscurity is
> irrelevant. (You are twisting a comment about *source* being available

That's not really the same thing. Knowing the root password you can
gain access to the system. Knowing the SSH version might give you a
hint to try certain SSH exploits that would have worked anyway. One is
a fundamental part of how you try to maintain security and the other is
to a certain extent incidental.

-- 
"You grabbed my hand and we fell into it, like a daydream - or a fever."