Date: Tue, 14 Dec 1999 21:23:11 -0800 From: "Michael Bryan" <fbsd-security@ursine.com> To: freebsd-security@FreeBSD.ORG Subject: Re: CERT released RSAREF bulletin Message-ID: <199912142123110810.09F93633@quaggy.ursine.com> In-Reply-To: <199912142052000380.09DCA719@quaggy.ursine.com> References: <199912150404.WAA28271@alecto.physics.uiuc.edu> <199912142052000380.09DCA719@quaggy.ursine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/14/99 at 8:52 PM Michael Bryan wrote: > >As a final note, a BugTraq message said that somebody has coded an exploit >for the bug as seen in sshd 1.2.27 and earlier, and they are about to= release >it to the world. Speak of the devil... the exploit was just published on BugTraq, and the author says it was tested against sshd running on Linux (RedHat 6.0) and OpenBSD 2.6. Reading through the description of the exploit, it appears that the mid-November patch to sshd is enough to stop this one cold, even if RSAREF2 remains unpatched. Michael Bryan fbsd-security@ursine.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199912142123110810.09F93633>