[ale] ssh remote root exploit :-(

Dow Hurst dhurst at kennesaw.edu
Tue Jun 25 19:03:28 EDT 2002


 From the letter posted it sounds like we need to put pressure on our 
vendors to help out the OpenSSH developers.
Dow


Jonathan Rickman wrote:

>Everyone should be aware that this new version does not fix the
>vulnerability. It only reduces the risk since the attacker can only
>gain access to the sshd account due to the new priveledge separation
>feature. This could still ruin your day if your system is miles away and
>ssh is your only means of accessing it.
>
>Just a reminder not to get too comfortable yet :)
>
>
>  
>


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list