[21781] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

daemon@ATHENA.MIT.EDU (Jaime BENJUMEA)
Mon Jul 23 12:56:49 2001

Date: Sat, 21 Jul 2001 18:26:48 +0200 (CEST)
From: Jaime BENJUMEA <benjumea@dte.us.es>
To: Stephanie Thomas <customer.service@ssh.com>
Cc: bugtraq@securityfocus.com
In-Reply-To: <FNEKKFMHLBAMAHPEHBLMCEAGCAAA.customer.service@ssh.com>
Message-ID: <Pine.LNX.4.21.0107211822500.26082-100000@teclix.dte.us.es>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


Stephanie Thomas wrote:

> 
> A potential remote root exploit has been discovered 
> in SSH Secure Shell 3.0.0, for Unix only, concerning 
> accounts with password fields consisting of two or 
> fewer characters. Unauthorized users could potentially 
> log in to these accounts using any password, including 
> an empty password.  This affects SSH Secure Shell 3.0.0
> for Unix only.  This is a problem with password 

Does anybody know if previous versions (2.4) are also affected?


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[21781] in bugtraq

Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

daemon@ATHENA.MIT.EDU (Jaime BENJUMEA)Mon Jul 23 12:56:49 2001

daemon@ATHENA.MIT.EDU (Jaime BENJUMEA)
Mon Jul 23 12:56:49 2001