-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes, it is. However it's apparently fixed in the current production code. The major issue is that it looks like the broken code was only recently the current production code. I think this will be my queue to just go bite the bullet and update from OpenBSD 2.9 to 3.0 since that takes OpenSSH with it to 3.0.1. Joshua b. Jore Minneapolis Ward 3, precinct 10 http://www.greentechnologist.org On Fri, 30 Nov 2001, Austad, Jay wrote: > Wow. An app designed to provide security actually compromising it. Gotta > love that. Remind me not to ever open ssh again and to require a VPN > connection for all remote administration. > > That's annoying. > > > -----Original Message----- > > From: Joshua b. Jore [mailto:josh at kitten.greentechnologist.org] > > Sent: Thursday, November 29, 2001 8:31 PM > > To: tclug-list at mn-linux.org > > Subject: [TCLUG] [Security Discuss] new sshd exploit ? (fwd) > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > (forwarded from misc at openbsd.org. The affected people ran Redhat) > > > > FYI... heads' up from the SSH mail list > > > > > > A colleague sent me a very vague e-mail, telling me that > > I should 'disable > > > > SSHD now' because of a 'private exploit being circulated > > since Saturday'. > > > > > > > > Anyone know anything about this? > > > > > > The following URL should give you some more information: > > > > > http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100696253318793&w=2 > > > > Given the other issue of Kerberos pre-v3, an update to the > > latest OpenSSH 3.0+ seems warrented. > > http://www.oreillynet.com/lpt/a/linux/2001/11/26/insecurities.html > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.0.6 (OpenBSD) > > Comment: For info see http://www.gnupg.org > > > > iD8DBQE8Bu95fexLsowstzcRAn9UAJwPqCgv7n5zBAF7K4EbUGfgml2cLQCfdICG > > bS4kDoKGWmvGLrp+PXs2kiA= > > =Z8jF > > -----END PGP SIGNATURE----- > > > > _______________________________________________ > > Twin Cities Linux Users Group Mailing List - Minneapolis/St. > > Paul, Minnesota > > http://www.mn-linux.org > > tclug-list at mn-linux.org > > https://mailman.mn-linux.org/mailman/listinfo/tclug-list > > > _______________________________________________ > Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul, Minnesota > http://www.mn-linux.org > tclug-list at mn-linux.org > https://mailman.mn-linux.org/mailman/listinfo/tclug-list > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (OpenBSD) Comment: For info see http://www.gnupg.org iD8DBQE8B4g8fexLsowstzcRAkWFAJwLlyrIywKswzXWJkr00Qq186lDEQCgwF8v l0dX2D28nB06z3IONTX2AFM= =s0TK -----END PGP SIGNATURE-----