[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

SSH security vulnerability (fwd)

I have not verified this problem, but the advisory looks quite decent.

---------- Forwarded message ----------
Date: Fri, 9 Feb 2001 13:07:08 -0800 (PST)
From: David A. Gatwood <dgatwood@gatwood.net>
To: mklinux-announce@lists.apple.com, mklinux-users@lists.apple.com
Subject: SSH security vulnerability

I don't usually announce security vulnerabilities, but this one hits close
to home.  There's a broad, sweeping security hole in basically every
version of ssh, both commercial and non-commercial, including OpenSSH.
This is fixed in OpenSSH 2.3.0.  You are strongly urged to upgrade your

Note that there is NO CERT ADVISORY for this yet, as the vulnerability was
only discovered yesterday.  I've included the pertinent information below.

The MkLinux Team


On Fri, 9 Feb 2001, Nick Matsakis wrote:

> To: x4u@lists.themacintoshguy.com
> A security hole has recently been exposed in SSHD that may affect users of
> the public beta.  Unfortunately, I don't know much about what version of
> SSHD the public beta comes with, or where one might find an updated
> version (Darwin resources would be able to help no doubt) but I thought I
> would send out this link anyway, so that those who should no about it can
> do the requisite research.
>   http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
mklinux-announce mailing list

Reply to: