Re: ssh vulernability
On Mon, Oct 22, 2001 at 06:21:51AM -0300, Peter Cordes wrote:
> On Fri, Oct 19, 2001 at 05:06:03PM -0700, Garrett Ellis wrote:
> > I run Debian; and I applied the OpenSSH patch myself as soon as it was posted.
> > Does anybody know of the advantages of waiting for a new .deb file to get
> > circulated are?
>
> It's easier, esp. if you don't already have source for the latest version.
BTW, I'm talking about http://www.securityfocus.com/bid/3369
OpenSSH Key Based Source IP Access Control Bypass Vulnerability
Someone else mentioned a buffer overflow exploit. In that case (remote root
exploit or something), then laziness is overruled by the need to keep one's
system secure.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@llama.nslug. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
Reply to: