[KLUG Members] [Fwd: SSH hole allows full control]

Bruce Smith members@kalamazoolinux.org
Thu, 02 Aug 2001 10:41:39 -0400

Previous message: [KLUG Members] [Fwd: SSH hole allows full control]
Next message: [KLUG Members] Link Of the Week - The Linux Kernel
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > > ...  Basically OpenSSH's biggest flaw ...
> 
> Gah!  Sorry.  OpenSSH is fine.  Everyone is fine except the
> product SSH Secure Shell which you had to buy from SSH
> Communications Security Corp.  If you didn't pay for it,
> you're fine.

Well, not to be picky, but there are free, non-commercial,
versions of SSH.  :-)   However, I don't believe that comes 
on any Linux distributions.  

OpenSSH does not have _this_ bug, but there are older bugs,
so you should be running the latest errata from your 
distribution vendor, or from www.openssh.org.

Only Commercial SSH (www.ssh.com) 3.0.0 has the nasty exploit 
explained earlier in this thread.

> Next time I'm tempted to email ths list when I have not slept
> in >= 24 hours, someone stop me mmkay?

No problem.  Now go get some sleep!   :-)

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------

Previous message: [KLUG Members] [Fwd: SSH hole allows full control]
Next message: [KLUG Members] Link Of the Week - The Linux Kernel
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]