[KLUG Members] [Fwd: SSH hole allows full control]

Bruce Smith members@kalamazoolinux.org
Thu, 02 Aug 2001 09:09:50 -0400


> > Hole Found in SSH Remote Access Software for Unix
> > By Joris Evers
Jamie wrote:
> ...  Basically OpenSSH's biggest flaw ...
>
> ....  OpenSSH interpreted them to mean
> "let everyone log into this account, without a password."

Now wait a minute!!!  Everything I've read says the problem ONLY 
exists in the COMMERCIAL SSH software, and only in version 3.0.0.

Quoting from:  http://www.kb.cert.org/vuls/id/737451

  "SSH Communications Security - Vulnerable"
  "OpenSSH - Not Vulnerable"

So people running the OpenSSH that comes with their Linux 
distribution should not be affected.  Right???

OpenSSH != SSH   (don't use the two interchangeably!)

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------