Re: the openssh exploit
On Tuesday, June 25, 2002, at 12:00 , Paul Baker wrote:
Does anyone know if the openssh exploit that 3.3 is supposed to
not fix, but do damage control for, is it still exploitable if
you have set your /etc/hosts.deny to deny all hosts, and then
/etc/hosts.allow to only allow from trusted ips.
A good guess would be 'no', because then most OpenSSH code is
not invoked. However, we can't be sure, because (at least
according to the DSA) OpenBSD has released no details.
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: