[12036] in bugtraq
Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@VT.EDU)
Tue Sep 28 15:20:12 1999
Message-Id: <199909280243.d8S2hKP04246@black-ice.cc.vt.edu>
Date: Mon, 27 Sep 1999 22:43:19 -0400
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis.Kletnieks@VT.EDU
X-To: Dan Astoorian <djast@CS.TORONTO.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Mon, 27 Sep 1999 11:35:44 EDT."
<99Sep27.113548edt.96305-2339@jane.cs.toronto.edu>
On Mon, 27 Sep 1999 11:35:44 EDT, Dan Astoorian <djast@CS.TORONTO.EDU> said:
> A trivial demo program that demonstrates the problem is attached. (It
> needs no special privileges; run it as an unprivileged user in any
> writable directory.) The program reports "okay" under Solaris 2.5.1 and
> IRIX 6.5.2, "vulnerable" under RedHat 6.
AIX 4.3.2 with all the recent Fixdist patches also says "okay".
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
