14 Feb
2006
14 Feb
'06
15:52
That was quick, Marcus. Thanks!
On 2/14/06, Marcus Meissner
1. Thanks for the patch and announcement today : SUSE-SA:2006:008 ... 3. I have now avidly read the major reports of CVE-2006-0225, most of whom classify it as low priority, and all classify as local.
I was undecided too when chosing it, and I do not see a direct threat.
It is post authentication.
The only way I understand this is problematic is when you have a scp-only remote configuration and can then execute programs on the remote machine.
That puts my mind at rest. Best regards, David