Bugtraq mailing list archives

sshd gives out version number

From: tdyas () REMUS RUTGERS EDU (Tom Dyas)
Date: Thu, 9 Jul 1998 18:19:42 -0400


This is not a vulnerability per se but the ssh daemon in its initial
header when a client connects gives out its version number besides the
protocol version number. Obviously, the protocol version number is needed
but the daemon version number would seem to give away information about
potential vulnerabilties in the ssh daemon which someone could then try
and exploit. A coworker pointed out this behavior to me.

Tom

Current thread:

Re: ncurses 4.1 security bug, (continued)
- - Re: ncurses 4.1 security bug Alan Cox (Jul 08)
    - Re: ncurses 4.1 security bug Perry E. Metzger (Jul 08)
    - Re: ncurses 4.1 security bug Alan Cox (Jul 08)
    - Re: ncurses 4.1 security bug Warner Losh (Jul 09)
    - Re: ncurses 4.1 security bug David Schwartz (Jul 09)
    - Re: ncurses 4.1 security bug matthew green (Jul 10)
    - Re: ncurses 4.1 security bug Theo de Raadt (Jul 10)
    - Re: ncurses 4.1 security bug Wietse Venema (Jul 12)
    - Seattle Lab fixes security issue in SLmail Aleph One (Jul 12)
    - Re: ncurses 4.1 security bug David Schwartz (Jul 09)
    - sshd gives out version number Tom Dyas (Jul 09)
  - Forwared to me Raymond Medeiros (Jul 08)
    - Re: Forwared to me Solar Designer (Jul 09)
    - Remote count.cgi exploit mods _ _ (Jul 09)
    - Re: Remote count.cgi exploit mods Gus (Jul 11)
    - Re: Forwared to me Raymond Medeiros (Jul 09)
    - socks5 1.0r5 buffer overflow.. Zach Brown (Jul 10)
    - Re: Forwared to me Toomas Soome (Jul 10)
    - Re: Forwared to me Michael H. Warfield (Jul 13)
    - Re: Forwared to me Raymond Medeiros (Jul 13)
    - Re: Forwared to me Toomas Soome (Jul 13)

(Thread continues...)