OpenSSH (version < 3.4p1) && linux

From: chris (chris@secure-packets.com)
Date: 07/14/02


From: chris <chris@secure-packets.com>
To: pen-test@securityfocus.com
Date: 14 Jul 2002 09:49:51 -0500

It seems there is much debate on whether linux based hosts are
vulnerable to the recent remote root exploit for OpenSSH. I have seen
advisories for FreeBSD/NetBSD/OpenBSD but the two systems that I have
most encountered in my tests are Linux and Solaris, though I can't find
a proof of concept exploit for these systems. Any information would be
greatly appreciated.

Thanx,
::chris

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



Relevant Pages

  • RE: Laboratory Setup Help (RS)
    ... >> This list is provided by the SecurityFocus Security ... For more information on SecurityFocus' SIA service which ... >> vulnerabilities please see: ... >This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Cross Site Scripting Vulnerabilities - XSS
    ... Cross Site Scripting Vulnerabilities - XSS ... >> This list is provided by the SecurityFocus Security Intelligence ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Cross Site Scripting Vulnerabilities - XSS
    ... Cross Site Scripting Vulnerabilities - XSS ... >>> This list is provided by the SecurityFocus Security Intelligence ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • RE: Vulnebrability level definition
    ... 'severity' of a given vulnerability, and this severity can change with time. ... different methodologies to rate vulnerabilities and present the associated ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Scanners and unpublished vulnerabilities - Full Disclosure
    ... AH> vulnerabilities they have notified vendors about. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)