Bug#130876: ssh: -5 discloses too much infomation to an attacker, security

To: Wichert Akkerman <wichert@wiggy.net>, 130876@bugs.debian.org
Cc: debian-security@lists.debian.org
Subject: Bug#130876: ssh: -5 discloses too much infomation to an attacker, security
From: Matthew Vernon <matthew@sel.cam.ac.uk>
Date: Sun, 10 Feb 2002 20:00:54 +0000
Message-id: <[🔎] 15462.53622.512877.989015@rapun.sel.cam.ac.uk>
In-reply-to: <[🔎] 20020210194643.GF23473@wiggy.net>
References: <20020126012313.320AD73061@phoenix.overdue.net> <15442.40996.468859.65980@rapun.sel.cam.ac.uk> <[🔎] 20020210024733.GA13568@overdue.ddts.net> <[🔎] 15462.47945.344711.435377@rapun.sel.cam.ac.uk> <[🔎] 20020210194643.GF23473@wiggy.net>

Wichert Akkerman writes:
 > Previously Matthew Vernon wrote:
 > > retitle 130876 Sending server software version information should be optional
 > 
 > I'm not sure I agree with that: that easily leads to the configurable
 > version response option that was discussed on openssh-dev recently where
 > it was concluded that is not a good idea.

I'm not sure it's a good idea either. I suspect Lazarus won't accept
the status quo, however.

Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org

Reply to:

References:
- Re: Bug#130876: ssh: -5 discloses too much infomation to an attacker, security
  - From: Lazarus Long <lazarus@overdue.ddts.net>
- Bug#130876: ssh: -5 discloses too much infomation to an attacker, security
  - From: Matthew Vernon <matthew@sel.cam.ac.uk>
- Re: Bug#130876: ssh: -5 discloses too much infomation to an attacker, security
  - From: Wichert Akkerman <wichert@wiggy.net>

Prev by Date: Re: Bug#130876: ssh: -5 discloses too much infomation to an attacker, security
Next by Date: Emulate real ip's to access intranet hosts from outside
Previous by thread: Re: Bug#130876: ssh: -5 discloses too much infomation to an attacker, security
Next by thread: Emulate real ip's to access intranet hosts from outside
Index(es):
- Date
- Thread