On Wednesday 21 November 2001 13:56, you wrote:
Hi,
On 21-Nov-01 Annette Jaekel wrote:
[...]
From the CERT.org vulnerability note VU#945216:
Overview
There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root.
I. Description
[...]
II. Impact
[...]
III. Solution
[...]
Systems Affected
Vendor - Status - Date - Updated
SSH Communications Security - Vulnerable - 6-Nov-2001 OpenSSH - Vulnerable - 2-Nov-2001 FreeBSD - Vulnerable - 2-Nov-2001 CORE SDI - Vulnerable - 6-Nov-2001 Debian - Vulnerable - 14-Nov-2001
Sorry, but I don't get it... What's with those recent dates ? Isn't this the vulnerability from last februari ?? And if not, is there _really_ a NEW remote root exploit for sshd, PLEASE tell me it ain't so...? You really are scaring me... Maarten -- Maarten J. H. van den Berg ~~//~~ network administrator van Boetzelaer van Bemmel - Amsterdam - The Netherlands http://vbvb.nl T+31204233288 F+31204233286 G+31651994273