[31611] in bugtraq
Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential
daemon@ATHENA.MIT.EDU (Frank Knobbe)
Tue Sep 16 16:05:48 2003
From: Frank Knobbe <frank@knobbe.us>
To: bugtraq@securityfocus.com
In-Reply-To: <200309161755.h8GHtk812185@porkchop.devel.redhat.com>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-Wa1B3sITgBN1SzTQgkOC"
Message-Id: <1063740429.496.194.camel@localhost>
Mime-Version: 1.0
Date: Tue, 16 Sep 2003 14:27:09 -0500
Great.
So RedHat says the SSH issue is exploitable. FreeBSD says it is not
believed to be exploitable. And I believe Theo said the same for
OpenBSD. Is RedHat just scaremongering? Is there any proof of
exploitation (other than a DoS)? Does someone have proof of all those
alleged exploitations going on all around the world? Is the sky falling
again?