[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Masquarading on a dialup connection



IT>> 9.2. Known security bugs with SSH
IT>> 
IT>>      All versions of ssh prior to 1.2.12 had a security flaw which
IT>>      If you run ssh 1.2.13 on Alpha OSF 1.3 or SCO in C2 security mode,
IT>>      Versions of ssh prior to 1.2.17 had problems with authentication
IT>> 1.2.18 and later. 
IT>>      In versions prior to 1.2.23 there was a CRC32 Compensation attack

And the current is .27, not? So what's the prob?

IT>>      With 2.0.12,an sshd connection would not die, even if a complete
IT>> connection was never fully established. That is, when he came from
IT>> server B to server A, the session on server A would hang when he exits.
IT>> Upgrading to 2.0.13 should fix this problem.
IT>> [/SNIP]
IT>> 
IT>> 
IT>> 	Hardly obscure cryptographic weaknessess, and some have been seen "in
IT>> the wild".

Ok, but this is not "exploit", as it was said. It's just a bug, which is,
btw, fixed.

-- 
frodo@sharat.co.il	\/  There shall be counsels taken
Stanislav Malyshev	/\  Stronger than Morgul-spells
phone +972-3-9316425	/\  		JRRT LotR.
http://sharat.co.il/frodo/	whois:!SM8333



=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il