[12046] in bugtraq
Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]
daemon@ATHENA.MIT.EDU (Mike Iglesias)
Wed Sep 29 14:48:40 1999
Message-Id: <199909282124.OAA26336@draco.acs.uci.edu>
Date: Tue, 28 Sep 1999 14:24:05 -0700
Reply-To: Mike Iglesias <iglesias@DRACO.ACS.UCI.EDU>
From: Mike Iglesias <iglesias@DRACO.ACS.UCI.EDU>
X-To: Dan Astoorian <djast@cs.toronto.edu>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of Mon, 27 Sep 1999 11:35:44 -0400.
<99Sep27.113548edt.96305-2339@jane.cs.toronto.edu>
> A trivial demo program that demonstrates the problem is attached. (It
> needs no special privileges; run it as an unprivileged user in any
> writable directory.) The program reports "okay" under Solaris 2.5.1 and
> IRIX 6.5.2, "vulnerable" under RedHat 6.
According to your program, Digital Unix 4.0B, 4.0D, and Tru64 Unix 4.0F
are all vulnerable.
Mike Iglesias Internet: iglesias@draco.acs.uci.edu
University of California, Irvine phone: 949-824-6926
Office of Academic Computing FAX: 949-824-2069
