Date:      Tue, 16 Sep 2003 12:49:23 -0600
From:      Brett Glass <brett@lariat.org>
To:        "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc:        freebsd-security@FreeBSD.org
Subject:   Re: OpenSSH heads-up
Message-ID:  <4.3.2.7.2.20030916124550.02a55970@localhost>
In-Reply-To: <20030916184500.GD6723@madman.celabo.org>
References:  <4.3.2.7.2.20030916123558.02cfdef0@localhost> <20030916134347.GA30359@madman.celabo.org> <4.3.2.7.2.20030916123558.02cfdef0@localhost>

At 12:45 PM 9/16/2003, Jacques A. Vidrine wrote:
  
>There have been rumours of an ssh2 exploit for over a week.  The
>first concrete indication that I received that there was a bug was an
>OpenBSD commit message last night.

Interesting.

I could scan the source, but perhaps you already have and can answer
the following questions:

1. Could the bug be exploited by someone who had not authenticated
   with the server? 

2. Can it be worked around by changing the configuration until one
   has time to patch? (You mention that it's an SSH2 exploit; perhaps
   one can disable SSH2 and use SSH1 in the interim?)

--Brett Glass




