
Bug#130876: ssh: -5 discloses too much information to an attacker, security



retitle 130876 Sending server software version information should be optional
severity 130876 wishlist
quit

I'll get back to you in more detail when I have time, but in the
meantime - if you want to produce and maintain (since I'm damn sure
upstream wouldn't want to know) a patch that creates a configuration
option enabling the server to produce only the parts of the version
string required by the RFC (which is in /usr/share/doc/ssh) and
nothing more, I'm prepared to incorporate it. The default should be to
display what the package *currently* does. Call it -O
'SecurityByObscurity yes' or something.

Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org
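
An added example, not part of the original message or of the ssh package: a Python check that splits a server identification line into its mandatory and optional parts, assuming the grammar published in RFC 4253, section 4.2. The function names and the sample banner are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# protoversion and softwareversion are printable US-ASCII without whitespace
# or '-'; the comments field after the space is optional.
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[!-,.-~]+)-(?P<software>[!-,.-~]+)(?: (?P<comments>[ -~]*))?$"
)
MAX_IDENT_LEN = 255  # limit from the RFC, counted including the trailing CR LF

# Constructed sample banner, not captured from a real server.
SAMPLE = b"SSH-2.0-OpenSSH_3.0.2p1 Debian-1\r\n"


def parse_ident(line: bytes) -> dict:
    """Split an SSH identification line into proto, software and comments."""
    if len(line) > MAX_IDENT_LEN:
        raise ValueError("identification string longer than 255 bytes")
    text = line.decode("ascii").rstrip("\r\n")
    m = IDENT_RE.match(text)
    if m is None:
        raise ValueError(f"not an SSH identification string: {text!r}")
    return m.groupdict()


def minimal_ident(line: bytes) -> bytes:
    """Return the same identification with the optional comments dropped."""
    f = parse_ident(line)
    return f"SSH-{f['proto']}-{f['software']}\r\n".encode("ascii")


def audit(line: bytes) -> list:
    """List what the line reveals beyond the fields the grammar requires."""
    f = parse_ident(line)
    findings = []
    if f["comments"]:
        findings.append(f"optional comments field present: {f['comments']!r}")
    if re.search(r"\d", f["software"]):
        findings.append(f"softwareversion carries a release number: {f['software']!r}")
    return findings


if __name__ == "__main__":
    print(minimal_ident(SAMPLE))
    for finding in audit(SAMPLE):
        print("-", finding)
```

The softwareversion field itself is mandatory in that grammar, so only the comments field can be dropped outright; what goes into softwareversion is the server's choice.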


