[NCLUG] Nasty-bad OpenSSH Exploit
J. Paul Reed
preed at sigkill.com
Wed Jun 26 19:47:27 MDT 2002
On Wed, 26 Jun 2002, Michael Dwyer wrote:
> Executive summary: Turn off SKey, turn on PriviledgeSeparation, or
> upgrade to 3.4. Upgrade to 3.4 anyway, to miss some other bugs they
> found.
The way Theo de Raadt handled this exploit was appaling, unacceptable, and
downright irresponsible.
I wrote a message to SVLUG about this
(http://lists.svlug.org/archives/svlug/2002-June/041069.html, a longer
thread) which was confirmed today
(http://lists.svlug.org/archives/svlug/2002-June/041098.html, a comparably
shorter thread).
I post the URLs here because I'm curious what people in NCLUG-land think.
Later,
Paul
--------------------------------------------------------------------
J. Paul Reed preed at sigkill.com || web.sigkill.com/preed
Nothing satisfies more than a post-coital omelet of your own design.
-- Will Farrell, Saturday Night Live, 5/18/02
More information about the NCLUG
mailing list