[KLUG Members] [Fwd: SSH hole allows full control]
Bruce Smith
members@kalamazoolinux.org
Thu, 02 Aug 2001 09:09:50 -0400
> > Hole Found in SSH Remote Access Software for Unix
> > By Joris Evers
Jamie wrote:
> ... Basically OpenSSH's biggest flaw ...
>
> .... OpenSSH interpreted them to mean
> "let everyone log into this account, without a password."
Now wait a minute!!! Everything I've read says the problem ONLY
exists in the COMMERCIAL SSH software, and only in version 3.0.0.
Quoting from: http://www.kb.cert.org/vuls/id/737451
"SSH Communications Security - Vulnerable"
"OpenSSH - Not Vulnerable"
So people running the OpenSSH that comes with their Linux
distribution should not be affected. Right???
OpenSSH != SSH (don't use the two interchangeably!)
--------------------------------------------
Bruce Smith bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan 49093 USA
http://www.armstrong-intl.com/
--------------------------------------------