[NCLUG] Nasty-bad OpenSSH Exploit

J. Paul Reed preed at sigkill.com
Wed Jun 26 19:47:27 MDT 2002


On Wed, 26 Jun 2002, Michael Dwyer wrote:

> Executive summary:  Turn off SKey, turn on PriviledgeSeparation, or
> upgrade to 3.4.  Upgrade to 3.4 anyway, to miss some other bugs they
> found.

The way Theo de Raadt handled this exploit was appaling, unacceptable, and
downright irresponsible.

I wrote a message to SVLUG about this
(http://lists.svlug.org/archives/svlug/2002-June/041069.html, a longer
thread) which was confirmed today
(http://lists.svlug.org/archives/svlug/2002-June/041098.html, a comparably
shorter thread).

I post the URLs here because I'm curious what people in NCLUG-land think.

Later,
Paul
    --------------------------------------------------------------------
    J. Paul Reed              preed at sigkill.com || web.sigkill.com/preed
    Nothing satisfies more than a post-coital omelet of your own design.
                           -- Will Farrell, Saturday Night Live, 5/18/02




More information about the NCLUG mailing list