Full Disclosure mailing list archives

Re: new ssh exploit?

From: Bennett Todd <bet () rahul net>
Date: Tue, 16 Sep 2003 13:39:27 -0400

2003-09-16T11:25:47 Ron DuFresne:

On Mon, 15 Sep 2003, christopher neitzert wrote:

1. upgrade to lsh.


But, one has to remember ssh does not stand alone, at least openssh, it
needs openssl to be properly maintained as well.


Another incentive to ditch openssh altogether. lsh seems to work
fine. At last.

lsh doesn't use openssl. It is a completely different code base from
the other sshes.

It's ssh v2 only; I think that's a transition whose time has come.

-Bennett

Attachment: _bin
Description:

Current thread:

RE: new ssh exploit?, (continued)
- - - RE: new ssh exploit? Aditya (Sep 17)
    - Re: new ssh exploit? Cael Abal (Sep 17)
- Re: new ssh exploit? christopher neitzert (Sep 15)
  - Re: new ssh exploit? Adam Shostack (Sep 15)
    - Re: new ssh exploit? Justin Kreger (Sep 15)
    - Re: new ssh exploit? Ron DuFresne (Sep 16)
    - Re: new ssh exploit? Jonathan A. Zdziarski (Sep 16)
    - Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
    - Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
  - Re: new ssh exploit? Ron DuFresne (Sep 16)
    - Re: new ssh exploit? Bennett Todd (Sep 16)
    - Re: new ssh exploit? Ron DuFresne (Sep 16)
    - Re: new ssh exploit? Bennett Todd (Sep 16)
    - Re: new ssh exploit? Blue Boar (Sep 16)
    - Re: new ssh exploit? Bennett Todd (Sep 17)
    - Re: new ssh exploit? Bennett Todd (Sep 18)
    - Re: new ssh exploit? Damian Gerow (Sep 18)
    - Re: new ssh exploit? Bennett Todd (Sep 18)
    - Re: new ssh exploit? Damian Gerow (Sep 18)
    - Re: new ssh exploit? Perry E. Metzger (Sep 18)
    - Re: new ssh exploit? KF (Sep 18)

(Thread continues...)