[16256] in Athena Bugs
Re: sun4 8.2.9: ssh
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Aug 28 19:26:09 1998
To: Aaron M Bornstein <aaronmb@MIT.EDU>
Cc: bugs@MIT.EDU
In-Reply-To: Your message of "Fri, 28 Aug 1998 19:23:29 EDT."
<199808282323.TAA14831@w20-575-56.mit.edu>
Date: Fri, 28 Aug 1998 19:26:07 EDT
From: Greg Hudson <ghudson@MIT.EDU>
> The installed copy of SSH here is version 1.2.23. This has a
> *published* security vulnerability which can allow attackers to
> hijack connections of SSH users.
Our version of ssh has the CORE-SDI patch (second version) to prevent
this attack, which I believe is the same countermeasure found in ssh
1.2.26. The attack came out during the relatively late testing of the
8.2 release, so we didn't want to do a full upgrade.
