Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
September 17, 2003, 1:01 am
rate this thread
I have been reading quite a bit, but have not found/read about any actual
exploit; nor do I see, myself, how it could be exploited even. And can it
bypass the 'privilege separation'? And even if, if no root-logins are
allowed (I consider allowing root-logins tantamount to having your system
misconfigured anyway), could root be compromised?
System Administrator Asarian-host.org
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
Re: What the real effects are of the latest Open SSH bug?
I think it's mostly hype right now, people hear "buffer" & "overflow"
and they totally forget about the part that says "maybe possible, not
sure". I upgraded anyway, just because I always like to have the newest
stuff, but I myself don't see ssh as being real-life exploitable be
these means, not until it's proven with actual code, not just in theory.
Supposedly, a host could receive many,many connections at once, and
something about that would allow a root exploit- the details I saw were
real foggy too- like I said, I think it's more hype right now than anything.
On the other hand, if you're running an Internet server that provides
ssh along with many other services, it's always a good idea to be
rock-solid, because we're getting attacked all the time. Not a week goes
by that I don't get at least one half-way decent attempt on my system-
usually wanna-be hackers & script kiddies, but still....
>> jayjwa >> Reg.Linux user #207147
Maildrop:jayjwa AT hotmail.com -- 4 Spammers: mailto: email@example.com
- » protocol question - issue with exit-status inside unfinished data stream?
- — Newest thread in » Secure Shell Forum