Date: Mon, 06 Jan 2003 13:27:12 -0800 From: Darren Pilgrim <dmp@pantherdragon.org> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@freebsd.org Subject: Re: Fwd: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS Message-ID: <3E19F4B0.3090903@pantherdragon.org> References: <5.2.0.9.0.20030106130825.04a3e0f8@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Tancsa wrote: > > FYI, for those not on bugtraq. The "advisory" is suspect. 1) The language used in the non-technical parts of the message are immature, detracting from the credibility of the author. 2) Most ssh clients sends your logged-in username by default if you don't specify one using the form "user@" on the command line. My PAM-disabled versions of OpenSSH do this. For a group that supposedly spent six months researching OpenSSH, you'd think they'd have noticed. >> Date: Sat, 4 Jan 2003 19:37:03 -0800 >> To: bugtraq@securityfocus.com >> Subject: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS >> From: mmhs@hushmail.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E19F4B0.3090903>