[TCLUG] [Security Discuss] new sshd exploit ? (fwd)

Fri Nov 30 02:44:52 CST 2001

Wow.  An app designed to provide security actually compromising it.  Gotta
love that.  Remind me not to ever open ssh again and to require a VPN
connection for all remote administration.

That's annoying.

> -----Original Message-----
> From: Joshua b. Jore [mailto:josh at kitten.greentechnologist.org]
> Sent: Thursday, November 29, 2001 8:31 PM
> To: tclug-list at mn-linux.org
> Subject: [TCLUG] [Security Discuss] new sshd exploit ? (fwd)
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> (forwarded from misc at openbsd.org. The affected people ran Redhat)
> 
> FYI...  heads' up from the SSH mail list
> 
> > > A colleague sent me a very vague e-mail, telling me that 
> I should 'disable
> > > SSHD now' because of a 'private exploit being circulated 
> since Saturday'.
> > >
> > > Anyone know anything about this?
> >
> > The following URL should give you some more information:
> > 
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100696253318793&w=2
> 
> Given the other issue of Kerberos pre-v3, an update to the
> latest OpenSSH 3.0+ seems warrented.
>     http://www.oreillynet.com/lpt/a/linux/2001/11/26/insecurities.html
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (OpenBSD)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE8Bu95fexLsowstzcRAn9UAJwPqCgv7n5zBAF7K4EbUGfgml2cLQCfdICG
> bS4kDoKGWmvGLrp+PXs2kiA=
> =Z8jF
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Twin Cities Linux Users Group Mailing List - Minneapolis/St. 
> Paul, Minnesota
> http://www.mn-linux.org
> tclug-list at mn-linux.org
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
> 