Bugtraq post on putty "proof of concept"
From: NOSPAM@sonic.net
Date: 12/30/02
- Previous message: Jean-Pierre Abello: "Re: ssh timeout ?"
- Next in thread: Neil W Rickert: "Re: Bugtraq post on putty "proof of concept""
- Reply: Neil W Rickert: "Re: Bugtraq post on putty "proof of concept""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: <NOSPAM@sonic.net> Date: Mon, 30 Dec 2002 02:03:26 GMT
Hello,
I see:(Dec. 28, 2002)
http://online.securityfocus.com/archive/1/304609/2002-12-27/2003-01-02/
and: (Dec. 17, 2002)
http://online.securityfocus.com/archive/1/303724
and (Dec 16, 2002)
http://online.securityfocus.com/archive/1/303537
The latest putty (beta v0.53b) was released Dec. 12, 2002.
Upon inspecting the Changes
( http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html )
I see general notes of security fixes in 0.53 and 0.53b, but nothing explicit.
Do either, neither or both of these have fixes against the reported bug in
ssh2 implementation?
Often, exploits are created for older versions where present (newer) versions
have fixes shortly after a new version comes out. In this case, *if* the
present version(s) are imune to the proof of concept, then it is simple to
understand that there is no way that the latest changes log could reference
bugtraq items that it did not know about - even if the latest version is
immune to it. :-)
(As per the web page home, I am posting my question here instead of sending
e-mail to the development team.)
(To reply in email, remove the words "no" and "spam" and replace with
"cotman")
TIA,
-ME
- Next message: Neil W Rickert: "Re: Bugtraq post on putty "proof of concept""
- Previous message: Jean-Pierre Abello: "Re: ssh timeout ?"
- Next in thread: Neil W Rickert: "Re: Bugtraq post on putty "proof of concept""
- Reply: Neil W Rickert: "Re: Bugtraq post on putty "proof of concept""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
