Date: Fri, 5 Oct 2001 13:37:19 -0600 From: Nate Williams <nate@yogotech.com> To: The Anarcat <anarcat@anarcat.dyndns.org> Cc: Brandon Fosdick <bfoz@glue.umd.edu>, stable@FreeBSD.ORG Subject: Re: Why sshd:PermitRootLogin = no ? Message-ID: <15294.3055.545523.571858@nomad.yogotech.com> In-Reply-To: <20011005134645.A7287@shall.anarcat.dyndns.org> References: <19436.1002297239@axl.seasidesoftware.co.za> <20011005120139.D10847@pir.net> <3BBDF0E9.20BA0F56@glue.umd.edu> <20011005134645.A7287@shall.anarcat.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> You must be talking about a vulnerability which allows an attacker to > "guess" the *length* of a string being passed in an SSH connection. > > This has been fixed, for what I know. It certainly doesn't appear to be fixed in the version of OpenSSH used in -stable. (At least, not when it talks to the SSHD on a 4.4-Release box.) Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15294.3055.545523.571858>