Thorsten Liebig wrote:
Hi Sven,
just for the ppl who don't know already:
I just want to avoid to misunderstand the content of that URL It says:
------------------------------------------------------------------- Application : OpenSSH Version(s) : All versions between 2.0 and 3.0.2 -------------------------------------------------------------------
Does that mean openssh-3.0.2p1 is vulnerable ? Is the situation different, if password authentication is not allowed from sshd ?
i think thats what it mean .. the authentication is irrelevant cause the user must authenticate first .. but if he is authenticated, he's able to 'root' the box (if i understand this announcement right) -- intraDAT AG http://www.intradat.com Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0 D - 60329 Frankfurt am Main Fax: +49 69-25629-256 Junk mail is war. RFCs do not apply.