[ale] ssh remote root exploit :-(
Dow Hurst
dhurst at kennesaw.edu
Tue Jun 25 19:03:28 EDT 2002
From the letter posted it sounds like we need to put pressure on our
vendors to help out the OpenSSH developers.
Dow
Jonathan Rickman wrote:
>Everyone should be aware that this new version does not fix the
>vulnerability. It only reduces the risk since the attacker can only
>gain access to the sshd account due to the new priveledge separation
>feature. This could still ruin your day if your system is miles away and
>ssh is your only means of accessing it.
>
>Just a reminder not to get too comfortable yet :)
>
>
>
>
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list