[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#130876: Very definitely a bug, security

On Sat, 26 Jan 2002 05:01:14 +0000
Lazarus Long <lazarus@overdue.ddts.net> wrote:
> This is definitely a security risk.  There is no reason that such
> information should be exposed to attackers.  Just because FreeBSD has
> some lame security practices doesn't mean Debian has to emulate them.
> (If I ran it, I'd file a bug there as well.)

I agree that this is exposing information that can be used by an
attacker to aid them in their exploits. On the other hand, the purpose
of the change was a good one; it's hard to tell if you're running a
vulnerable SSH in Stable, since the version string is the same as the
stock upstream source, while the Debian diffs will have many added

Is there any way this can be run-time configurable?

/    David Barclay Harris            Aut agere, aut mori.      \
\        Clan Barclay              Either action, or death.    /

Reply to: