[21080] in North American Network Operators' Group
Re: [rootshell] Security Bulletin #25
daemon@ATHENA.MIT.EDU (Joe Loiacono)
Tue Nov 3 09:36:04 1998
Date: Tue, 03 Nov 1998 09:04:26 -0500
To: "Roeland M.J. Meyer" <rmeyer@mhsc.com>,
"Richard Steenbergen" <humble@lightning.net>
From: Joe Loiacono <jloiacon@nastg.gsfc.nasa.gov>
Cc: "Joe Shaw" <jshaw@insync.net>, "C. Harald Koch" <chk@utcc.utoronto.ca>,
<nanog@merit.edu>
In-Reply-To: <199811030544.VAA11665@condor.lvrmr.mhsc.com>
At 09:44 PM 11/2/98 -0800, Roeland M.J. Meyer wrote:
>
>We plopped v1.2.21 into production over a year (Aug97) ago. We use the
>F-secure WinNT client. We have not seen compelling reason to upgrade.
>Insignificat additional features and huge risk that our WinNT clients would
>also have to be upgraded. I am not aware of published exploits against this
>version, or higher, of SSH.
>
Right. The kicker for me has been that i can't get a V1 client to work with
V2 sshd (and BTW i can't get a V2 client to work with V1 sshd). So this
would mean a wholesale upgrade of all clients, including Windex ones...
Joe Loiacono Phone: (301) 794-2509
Computer Sciences Corporation Fax: (301) 794-9530
