On the ssh notices...

ME dugan at passwall.com
Fri Nov 30 10:37:59 PST 2001


The first message with URL suggest even 2.9.9p2 is open. The followup
suggests that this is not the case. Hoever, the ssh1 crc compensation
attack (with the int problem) may be/have been a different exploit than
the one discussed in the URL of the fiirst post.

Both published here for you to watch for more news on ssh exploits.

(A bugtraq post a few days ago included ref to a bug in openssh 3.0.0 and
a rumored bug in 3.0.1 but no specifics were offered - suggesting the
open ssh 3.0.1 issue to be *just* a rumor at this point.


-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
t at -(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
     Systems Department Operating Systems Analyst for the SSU Library



More information about the talk mailing list