New sshd exploits...
Hi,
I've only seen one (rather obscure) message to debian lists about this
one, but there are 2 new exploits out for sshd
this one is not much to loose sleep about as it's rather tricky and
OpenSSH claims that it's not exploitable though they have patched
their source tree as of Jan 29, 2001:
http://www.securityfocus.com/templates/archive.pike?mid=161150&fromthread=0&end2001-02-10&threads=0&list=1&start=2001-02-04&
This one is more worry some as it's a relatively simple buffer
overflow and the debian stable version of OpenSSH *is* vulnerable
(unstable which uses OpenSSH 2.3.0p1 seems OK, but don't take my word
for it):
http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
-Jon
Reply to: