[7214] in bugtraq
sshd gives out version number
daemon@ATHENA.MIT.EDU (Tom Dyas)
Fri Jul 10 12:16:03 1998
Date: Thu, 9 Jul 1998 18:19:42 -0400
Reply-To: Tom Dyas <tdyas@REMUS.RUTGERS.EDU>
From: Tom Dyas <tdyas@REMUS.RUTGERS.EDU>
To: BUGTRAQ@NETSPACE.ORG
This is not a vulnerability per se but the ssh daemon in its initial
header when a client connects gives out its version number besides the
protocol version number. Obviously, the protocol version number is needed
but the daemon version number would seem to give away information about
potential vulnerabilities in the ssh daemon which someone could then try
and exploit. A coworker pointed out this behavior to me.
Tom
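
The following is an added example, not part of the original post: a short Python parser that splits an SSH identification line into the protocol version and the daemon's software field, so an administrator can check what their own servers disclose. The sample banners, the `ExampleSSHD` name and the digit-based heuristic are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# Layout of the identification line: SSH-<protocol>-<software>[ <comments>]
_IDENT = re.compile(rb"SSH-(\d+\.\d+)-(\S+)(?: (.*))?")

class SshIdent(NamedTuple):
    protocol: str            # the client needs this to negotiate
    software: str            # daemon name/version: the disclosure discussed above
    comments: Optional[str]

def parse_ident(data: bytes) -> Optional[SshIdent]:
    """Return the first SSH identification line found in data, else None."""
    for raw in data.split(b"\n"):
        m = _IDENT.fullmatch(raw.rstrip(b"\r"))
        if m:
            proto, software, comments = (
                g.decode("ascii", "replace") if g is not None else None
                for g in m.groups())
            return SshIdent(proto, software, comments)
    return None

def discloses_version(ident: SshIdent) -> bool:
    """Heuristic (assumption): any digit in the software field is a version number."""
    return any(ch.isdigit() for ch in ident.software)

def audit(data: bytes) -> str:
    """Summarise what one banner reveals beyond the protocol version."""
    ident = parse_ident(data)
    if ident is None:
        return "no SSH identification line"
    verdict = "discloses a version" if discloses_version(ident) else "no version visible"
    return f"protocol={ident.protocol} software={ident.software!r}: {verdict}"

# Constructed sample banners, not captured from real hosts.
SAMPLES = [
    b"SSH-1.5-1.2.26\n",
    b"notice line\r\nSSH-2.0-ExampleSSHD_3.1 test build\r\n",
    b"SSH-2.0-ExampleSSHD\r\n",
    b"220 mail.example.org ESMTP\r\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(audit(s))
```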