SSH 1.2.x vulnerability
Karel Volejnik
Karel.Volejnik na be-net.cz
Úterý Listopad 3 12:26:31 CET 1998
Dobry den,
k problemu ssh je zajimava zprava ve firewall mailing listu:
Mike Batchelor wrote:
> Seeing all the posts about ssh-gw here, I thought you may all want to
> know that a CERT advisory is out on ssh v1.2.x, due to a buffer
> overrun vulnerability in the logging functions.
This is incorrect. There is no such CERT advisory, and according to the
IBM-ERS as well as the SSH team, this has been a false alarm. Please
see
the PGP-signed statement from IBM, at
http://www.ssh.fi/sshprotocols2/ibmers_message.txt
as well as the statements from the SSH team, at
http://www.ssh.fi/sshprotocols2/rootshell.html
Další informace o konferenci Linux