The nest in the thread from bugtraq ~Chris -----Forwarded Message----- > From: Global InterSec Research <lists@globalintersec.com> > To: bugtraq@securityfocus.com > Subject: Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS > Date: 06 Jan 2003 20:05:32 +0000 > > > As some may have gathered, the advisory recently posted by mmhs@hushmail.com > was indeed a fake, intended to highlight several unclear statements made in GIS2002062801. > > The advisory in question is currently being updated with more detailed information and will be > re-posted at: http://www.globalintersec.com/adv/openssh-2002062801.txt as soon as it becomes > available. > > Note that the kbd-init flaw described in GIS2002062801 was proven to be exploitable in our lab > although not all evidence to demonstrate this was provided in the original advisory. A mistake > was made in the original advisory draft, where chunk content data was shown, rather than the > entire corrupted malloc chunk. This will be amended in the revision. > > Also note that to our knowledge there are currently no known, exploitable flaws in OpenSSH 3.5p1, > due to its use of PAM as suggested by mmhs@hushmail.com. It is almost certain that the posted > bogus advisory was also intended to cause alarm amongst communities using OpenSSH, through > miss-information. > > > Global InterSec LLC. > >
Attachment:
signature.asc
Description: This is a digitally signed message part