Re: Critical: ssh-nonfree IS exploited

To: debian-devel@lists.debian.org
Subject: Re: Critical: ssh-nonfree IS exploited
From: Andreas Metzler <ametzler@downhill.at.eu.org>
Date: Sun, 11 Nov 2001 18:46:30 +0100
Message-id: <[🔎] E162ygg-0006Rn-00@downhill.at.eu.org>
Mail-followup-to: <debian-devel@lists.debian.org>
References: <[🔎] 20011111151407.B9931@lina.inka.de> <[🔎] 20011111155440.B30811@wiggy.net>

Wichert Akkerman <wichert@wiggy.net> wrote:
[...]
> Anyone who thinks openssh is not more secure needs to compare codebases :)

On the other side, OpenSSH has had its share on exploits and bugs,
too, and BTW afaics (Bug #113513) the version in Debian is still open
to

|-- RHSA-2001:114-05
| 3. Problem description:
| 
| If a user lists multiple keys in her .ssh/authorized_keys2 file,
| sshd may in some circumstances not honor the "from" option which
| can be associated with a key, thereby allowing key-based logins
| from hosts which should not be allowed access.
|----------------------
             cu andreas
-- 
Hey, da ist ein Ballonautomat auf der Toilette!
Echelon: sex violence tower XXX Boom human rights Islam Kate Winslet
vim:ls=2:stl=***\ Sing\ a\ song.\ ***

Reply to:

Follow-Ups:
- Re: Critical: ssh-nonfree IS exploited
  - From: Ethan Benson <erbenson@alaska.net>

References:
- Critical: ssh-nonfree IS exploited
  - From: Bernd Eckenfels <ecki@lina.inka.de>
- Re: Critical: ssh-nonfree IS exploited
  - From: Wichert Akkerman <wichert@wiggy.net>

Prev by Date: Re: Critical: ssh-nonfree IS exploited
Next by Date: Bug#119185: ITP: oss-preserve -- Program to save/restore OSS mixer settings
Previous by thread: Re: Critical: ssh-nonfree IS exploited
Next by thread: Re: Critical: ssh-nonfree IS exploited
Index(es):
- Date
- Thread