22 Apr
2002
22 Apr
'02
14:35
Hi! On Mon, 22 Apr 2002, Thomas Springer wrote:
anybody out there who got the exploit under http://online.securityfocus.com/bid/4560 to work against ssh 3.x.x?
More interesting for me at the moment: is openssh-2.9.9p2, as supplied by SuSE on the update server, vulnerable? If I understand the bugtraq posting (of 19-April-2002) correctly, the bug is somewhre in the Kerberos token handling; apparently, at least the SuSE 7.2 version was compiled with Kerberos support disabled (all Kerberos-related options I tried were answered with an error message), so this version should be safe - right? Martin