Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability
From: Frank Knobbe <frank@xxxxxxxxx>
Date: Tue, 16 Sep 2003 14:27:09 -0500
In-reply-to: <200309161755.h8GHtk812185@xxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <200309161755.h8GHtk812185@xxxxxxxxxxxxxxxxxxxxxxxxx>

Great. 

So RedHat says the SSH issue is exploitable. FreeBSD says it is not
believed to be exploitable. And I believe Theo said the same for
OpenBSD. Is RedHat just scare mongering? Is there any proof of
exploitation (other than a Dos)? Does someone have a proof of all those
alleged exploitations going on all around world? Is the sky falling
again?

Attachment: signature.asc
Description: This is a digitally signed message part

References:
- [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability
  - From: bugzilla

Prev by Date: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability
Next by Date: [SECURITY] [DSA-382-1] OpenSSH buffer management fix
Previous by thread: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability
Next by thread: [SECURITY] [DSA-382-1] OpenSSH buffer management fix
Index(es):
- Date
- Thread