Re: [suse-security] OpenSSH 3.0.2p1
hi! btw dude can you send me more informations about this hole? never heard about it and wanna know more. thx regards, c0re
From: James Ogley <james.ogley@pinnacle.co.uk> To: Security List <suse-security@suse.com> Subject: [suse-security] OpenSSH 3.0.2p1 Date: 20 Jun 2002 09:34:38 +0100
Hi,
I'm running SuSE 8.0, with OpenSSH 3.0.2p1-108.
This morning, I did a Nessus scan on one of my boxen at home, which reported that this version is vulnerable to the off-by-one hole.
I checked the Security Announcement about this (SuSE-SA:2002:009), but this predates 8.0, and refers to fixed versions of 2.9.9.
Is the package of 3.0.2p2 in 8.0 patched to fix this hole as well, thus rendering that aspect of my Nessus report a red herring? If not, is there an update in the works?
Cheers
James -- James Ogley, Unix Systems Administrator, Pinnacle Insurance Plc james.ogley@pinnacle.co.uk www.pinnacle.co.uk +44 (0) 20 8731 3619 Using Free Software since 1994, running GNU/Linux (SuSE 8.0) Updated GNOME RPMs for SuSE Linux: www.usr-local-bin.org
********************************************************************** CONFIDENTIALITY.This e-mail and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose, or store or copy the information in any medium. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Pinnacle Insurance plc.
If you have received this email in error please immediately notify the Pinnacle Helpdesk on +44 (0) 20 8207 9555.
This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com **********************************************************************
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
_________________________________________________________________ Werden Sie Mitglied bei MSN Hotmail, dem größten E-Mail-Service der Welt. http://www.hotmail.com
btw dude can you send me more informations about this hole? never heard about it and wanna know more. thx
It's been talked about to death here, but you could have a look in the Bugtraq archives on www.securityfocus.com -- James Ogley, Unix Systems Administrator, Pinnacle Insurance Plc james.ogley@pinnacle.co.uk www.pinnacle.co.uk +44 (0) 20 8731 3619 Using Free Software since 1994, running GNU/Linux (SuSE 8.0) This email was created and sent with Ximian Evolution 1.0.7 NEW: Advogato diary at www.advogato.org/person/riggwelter *********************************************************************** CONFIDENTIALITY. This e-mail and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose, or store or copy the information in any medium. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Pinnacle Insurance Plc. If you have received this e-mail in error please immediately notify our Helpdesk on +44 (0) 20 8207 9555. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com **********************************************************************
participants (2)
-
James Ogley -
thilo mohri