New sshd exploits...

To: Debian Users <debian-user@lists.debian.org>
Subject: New sshd exploits...
From: "Jonathan D. Proulx" <jon@ai.mit.edu>
Date: Fri, 9 Feb 2001 20:14:08 -0500
Message-id: <[🔎] 20010209201408.B1456@spoon.ai.mit.edu>
Mail-followup-to: "Jonathan D. Proulx" <jon@ai.mit.edu>, Debian Users <debian-user@lists.debian.org>

Hi,

I've only seen one (rather obscure) message to debian lists about this
one, but there are 2 new exploits out for sshd

this one is not much to loose sleep about as it's rather tricky and
OpenSSH claims that it's not exploitable though they have patched
their source tree as of Jan 29, 2001:

http://www.securityfocus.com/templates/archive.pike?mid=161150&fromthread=0&end2001-02-10&threads=0&list=1&start=2001-02-04&;

This one is more worry some as it's a relatively simple buffer
overflow and the debian stable version of OpenSSH *is* vulnerable
(unstable which uses OpenSSH 2.3.0p1 seems OK, but don't take my word
for it):

http://razor.bindview.com/publish/advisories/adv_ssh1crc.html

-Jon

Reply to:

Follow-Ups:
- Re: New sshd exploits...
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: mailman: can't run adminstration for group
Next by Date: Re: TT Fonts resolved (was Re: XF86v4: mouse and fonts)
Previous by thread: mailman: can't run adminstration for group
Next by thread: Re: New sshd exploits...
Index(es):
- Date
- Thread