OpenSSH heads-up
Brett Glass
brett at lariat.org
Tue Sep 16 11:50:13 PDT 2003
At 12:45 PM 9/16/2003, Jacques A. Vidrine wrote:
>There have been rumours of an ssh2 exploit for over a week. The
>first concrete indication that I received that there was a bug was an
>OpenBSD commit message last night.
Interesting.
I could scan the source, but perhaps you already have and can answer
the following questions:
1. Could the bug be exploited by someone who had not authenticated
with the server?
2. Can it be worked around by changing the configuration until one
has time to patch? (You mention that it's an SSH2 exploit; perhaps
one can disable SSH2 and use SSH1 in the interim?)
--Brett Glass
More information about the freebsd-security
mailing list