Bugtraq mailing list archives
Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
From: Marcus Meissner <mm () ns caldera de>
Date: Sun, 22 Jul 2001 00:48:58 +0200
In article <FNEKKFMHLBAMAHPEHBLMCEAGCAAA.customer.service () ssh com> you wrote:
Dear Secure Shell Community,
A potential remote root exploit has been discovered in SSH Secure Shell 3.0.0, for Unix only, concerning accounts with password fields consisting of two or fewer characters. Unauthorized users could potentially log in to these accounts using any password, including an empty password. This affects SSH Secure Shell 3.0.0 for Unix only. This is a problem with password authentication to the sshd2 daemon. The SSH Secure Shell client binaries (located by default in /usr/local/bin) are not affected.
SSH Secure Shell 3.0.1 fixes this problem. ... ... Vulnerable ... ... Caldera Linux 2.4
Caldera is not shipping the commercial version of SSH in its Linux distribtuins and so is NOT vulnerable except in cases where the administrator installed the commercial version of SSH. We are instead providing OpenSSH version 2.9p2 for all supported platforms, which is not affected by above flaw. Ciao, Marcus -- _____ ___ / __/____/ / Caldera (Deutschland) GmbH / /_/ __ / /__ Naegelsbachstr. 49c, 91052 Erlangen /_____//_/ /____/ Dipl. Inf. Marcus Meissner, email: mm () caldera de ==== /_____/ ====== phone: ++49 9131 7912-300, fax: ++49 9131 7192-399 Caldera OpenLinux
Current thread:
- URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 20)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Dan Kaminsky (Jul 20)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Dale Southard (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Nate Eldredge (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Brandon S. Allbery KF8NH (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Dale Southard (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Michal Zalewski (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 j (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Trond Eivind Glomsrød (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Jen B. (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Marcus Meissner (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Florian Weimer (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Thomas Roessler (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Lucian Hudin (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Sports (Jul 24)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Seth Arnold (Jul 24)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Thomas Roessler (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Dan Kaminsky (Jul 20)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Marcin Zurakowski (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Brian Carpio (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Brian Carpio (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Jaime BENJUMEA (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Jonathan A. Zdziarski (Jul 23)