Re: the openssh exploit

To: Paul Baker <pbaker@where2getit.com>
Cc: debian-security@lists.debian.org
Subject: Re: the openssh exploit
From: Anthony DeRobertis <asd@suespammers.org>
Date: Tue, 25 Jun 2002 02:43:36 -0400
Message-id: <[🔎] E029A8E4-8806-11D6-BA36-00039355CFA6@suespammers.org>
In-reply-to: <[🔎] 2099CE7E-87F0-11D6-8A0B-0003937562B8@where2getit.com>


On Tuesday, June 25, 2002, at 12:00 , Paul Baker wrote:

Does anyone know if the openssh exploit that 3.3 is supposed tonot fix, but do damage control for, is it still exploitable ifyou have set your /etc/hosts.deny to deny all hosts, and then/etc/hosts.allow to only allow from trusted ips.

A good guess would be 'no', because then most OpenSSH code isnot invoked. However, we can't be sure, because (at leastaccording to the DSA) OpenBSD has released no details.



--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- the openssh exploit
  - From: Paul Baker <pbaker@where2getit.com>

Prev by Date: Re: the openssh exploit
Next by Date: Re: open ssh exploit - user not getting created
Previous by thread: Re: the openssh exploit
Next by thread: ssh and password authentication
Index(es):
- Date
- Thread