[KLUG Members] [Fwd: SSH hole allows full control]
Bruce Smith
members@kalamazoolinux.org
Thu, 02 Aug 2001 10:41:39 -0400
> > > ... Basically OpenSSH's biggest flaw ...
>
> Gah! Sorry. OpenSSH is fine. Everyone is fine except the
> product SSH Secure Shell which you had to buy from SSH
> Communications Security Corp. If you didn't pay for it,
> you're fine.
Well, not to be picky, but there are free, non-commercial,
versions of SSH. :-) However, I don't believe that comes
on any Linux distributions.
OpenSSH does not have _this_ bug, but there are older bugs,
so you should be running the latest errata from your
distribution vendor, or from www.openssh.org.
Only Commercial SSH (www.ssh.com) 3.0.0 has the nasty exploit
explained earlier in this thread.
> Next time I'm tempted to email ths list when I have not slept
> in >= 24 hours, someone stop me mmkay?
No problem. Now go get some sleep! :-)
--------------------------------------------
Bruce Smith bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan 49093 USA
http://www.armstrong-intl.com/
--------------------------------------------