Re: [SECURITY] [DSA-134-1] OpenSSH remote vulnerability
Previously Phillip Hofmeister wrote:
> Does this effect the daemon or the client?
Again we really have no information to base this on, but everything
points to a problem in the daemon (privsep does not help in the client).
> If it effects the daemon, is the potato version vulnerable?
I suspect so, we do not have the information to really confirm or deny
this. I would recommend restricting ssh access if possible and/or look
into an alternative like telnetd-ssl (make sure you use the -z secure
option to only allow SSL connections).
Wichert.
--
_________________________________________________________________
/wichert@wiggy.net This space intentionally left occupied \
| wichert@deephackmode.org http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: