Re: ssh vulernability

To: debian-security@lists.debian.org
Subject: Re: ssh vulernability
From: Peter Cordes <peter@llama.nslug.ns.ca>
Date: Mon, 22 Oct 2001 06:27:46 -0300
Message-id: <20011022062746.H32330@llama.nslug.ns.ca>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20011022062151.G32330@llama.nslug.ns.ca>
References: <Pine.BSF.4.33.0110191805380.73457-100000@flagg.secureworks.net> <20011019152618.A4221@plato.local.lan> <3BD0BFEB.DA620C2D@analexphoenix.com> <20011022062151.G32330@llama.nslug.ns.ca>

On Mon, Oct 22, 2001 at 06:21:51AM -0300, Peter Cordes wrote:
> On Fri, Oct 19, 2001 at 05:06:03PM -0700, Garrett Ellis wrote:
> > I run Debian; and I applied the OpenSSH patch myself as soon as it was posted.
> > Does anybody know of the advantages of waiting for a new .deb file to get
> > circulated are?
> 
>  It's easier, esp. if you don't already have source for the latest version.

 BTW, I'm talking about http://www.securityfocus.com/bid/3369
OpenSSH Key Based Source IP Access Control Bypass Vulnerability

 Someone else mentioned a buffer overflow exploit.  In that case (remote root
exploit or something), then laziness is overruled by the need to keep one's
system secure.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to:

References:
- ssh vulernability
  - From: <ahall@secureworks.net>
- Re: ssh vulernability
  - From: Ethan Benson <erbenson@alaska.net>
- Re: ssh vulernability
  - From: Garrett Ellis <garrett.ellis@analexphoenix.com>
- Re: ssh vulernability
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

Prev by Date: Re: ssh vulernability
Next by Date: Re: central administration techniques
Previous by thread: Re: ssh vulernability
Next by thread: Re: ssh vulernability
Index(es):
- Date
- Thread