OpenSSH heads-up
Jacques A. Vidrine
nectar at FreeBSD.org
Tue Sep 16 11:54:19 PDT 2003
On Tue, Sep 16, 2003 at 12:49:23PM -0600, Brett Glass wrote:
> Interesting.
>
> I could scan the source, but perhaps you already have and can answer
> the following questions:
>
> 1. Could the bug be exploited by someone who had not authenticated
> with the server?
>
> 2. Can it be worked around by changing the configuration until one
> has time to patch? (You mention that it's an SSH2 exploit; perhaps
> one can disable SSH2 and use SSH1 in the interim?)
AFAICT, you need not authenticate, it is not specific to protocol
version 2, and there is no workaround.
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar at celabo.org . jvidrine at verio.net . nectar at freebsd.org . nectar at kth.se
More information about the freebsd-security
mailing list