Re: New security alert

From: William Hooper (whooperhsd@earthlink.net.NO_SPAM)
Date: 12/18/02


From: "William Hooper" <whooperhsd@earthlink.net.NO_SPAM>
Date: Wed, 18 Dec 2002 00:16:24 GMT


"Julian Cole" <greenmanjc@yahoo.com> wrote in message
news:f12a4d83.0212171347.76586f45@posting.google.com...
> New SSH vulnerabilities are reported in:
> http://boston.internet.com/news/article.php/1558101
> for a number of ssh-implementations. OpenSSH is said to be safe.
> Does anyone know about PuTTY?
>
> - Julian Cole

The "PuTTY 0.53b addresses vulnerabilities discovered by SSHredder" in the
advisory wasn't obvious enough?

In fact it looks like most SSH vendors aren't vulnerable according to the
actual CERT advisory. And they wonder why a number of people don't take
security seriously with headlines like that.

--
William Hooper
No one is perfect, but some of us are closer than others

