[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh vulernability

On Mon, Oct 22, 2001 at 06:21:51AM -0300, Peter Cordes wrote:
> On Fri, Oct 19, 2001 at 05:06:03PM -0700, Garrett Ellis wrote:
> > I run Debian; and I applied the OpenSSH patch myself as soon as it was posted.
> > Does anybody know of the advantages of waiting for a new .deb file to get
> > circulated are?
>  It's easier, esp. if you don't already have source for the latest version.

 BTW, I'm talking about http://www.securityfocus.com/bid/3369
OpenSSH Key Based Source IP Access Control Bypass Vulnerability

 Someone else mentioned a buffer overflow exploit.  In that case (remote root
exploit or something), then laziness is overruled by the need to keep one's
system secure.

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to: