Re: Versions vs vulnerabilities

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 01/28/04

• Next message: Doug Summers: "Re: Connection closing on AIX 5.1 - UPDATE"
• Previous message: Gary Armstrong: "Versions vs vulnerabilities"
• In reply to: Gary Armstrong: "Versions vs vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 28 Jan 2004 22:05:41 +0000 (UTC)

In article <1075325214.834548@news-1.nethere.net>,
Gary Armstrong <garyarm_remThis_at_testedgeinc.com> wrote:
>Is there a place to look up a particular version of openssh against
>known vulnerabilities?
>
>My version 3.5p1-6 isn't the latest, but if there are no significant
>holes, I'd just as soon stay here.

Ask your vendor (the "-6" indicates that they have made a number of
changes).

Vanilla OpenSSH < 3.7.1 has a buffer handling problem:
http://www.openssh.com/txt/buffer.adv
Your vendor may have applied a patch to address this.

In addition, Portable versions 3.7p1 and 3.7.1p1 have a problem with
PAM: http://www.openssh.com/txt/sshpam.adv

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

• Next message: Doug Summers: "Re: Connection closing on AIX 5.1 - UPDATE"
• Previous message: Gary Armstrong: "Versions vs vulnerabilities"
• In reply to: Gary Armstrong: "Versions vs vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: tcsetpgrp() ... Which SSH implementation and version thereof are you running? ... On QNX the pty allocation process apparently ... In the next release of OpenSSH, ... Good judgement comes with experience. ... (comp.security.ssh) Re: SSH Connecting through Firewall ... >client to use HTTPS or FTP proxy. ... There is no such option in the OpenSSH ... Good judgement comes with experience. ... (comp.security.ssh) Re: Adding "X11UseLocalhost no" to /etc/ssh/sshd_config breaks x forwarding ... telnet: Unable to connect to remote host: Connection refused ... has been turned off either by Openssh or by Red Hat. ... feature or a bug I am unsure, there are warnings in the man page ... Good judgement comes with experience. ... (SSH) Re: Solaris 9 sshd<---> Cygwin/X ssh Problems ... >uses a Solaris box as an sshd server? ... I don't know if this exists in SunSSH but for OpenSSH this can be caused ... Good judgement comes with experience. ... (comp.security.ssh) Re: Tacacs and OpenSSH ... attempting to integrate a Tacacs+ PAM with OpenSSH. ... There's a patch that may help at ... Good judgement comes with experience. ... (SSH)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint