Re: ssh vulnerability in the wild

To: debian-security@lists.debian.org
Subject: Re: ssh vulnerability in the wild
From: Robert Brockway <robert@timetraveller.org>
Date: Tue, 16 Sep 2003 15:13:38 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.58.0309161510450.6347@zen.canint.timetraveller.org>
In-reply-to: <[🔎] 20030916174404.GA22711@deblin.org>
References: <[🔎] D79968A2-E861-11D7-8540-0003931D9B5A@tedroby.com> <[🔎] 87d6e07j2y.fsf@deneb.enyo.de> <[🔎] 20030916174404.GA22711@deblin.org>

On Tue, 16 Sep 2003, Josh Carroll wrote:

> Actually, people have reported that there is an exploit, and in fact
> even OpenBSD is vulnerable.

A number of people have claimed that others have said it is exploitable.
This is quite a common occurance with well publicised exploits.

I've seen no proof of an exploit as yet.

> I would still patch ASAP. Best not to risk it.

Definately.  This is always best practice regardless of whether there is a
known exploit or not.

Cheers,
	Rob

-- 
Robert Brockway B.Sc. email: robert@timetraveller.org, zzbrock@uqconnect.net
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah

Reply to:

References:
- Re: ssh vulnerability in the wild
  - From: Ted Roby <secalert@tedroby.com>
- Re: ssh vulnerability in the wild
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: ssh vulnerability in the wild
  - From: Josh Carroll <josh.carroll@psualum.com>

Prev by Date: Re: [d-security] Re: ssh vulnerability in the wild
Next by Date: Re: ssh vulnerability in the wild
Previous by thread: Re: ssh vulnerability in the wild
Next by thread: Re: ssh vulnerability in the wild
Index(es):
- Date
- Thread