"Stephanie Thomas" <[EMAIL PROTECTED]> writes: > A potential remote root exploit has been discovered > in SSH Secure Shell 3.0.0, for Unix only, concerning > accounts with password fields consisting of two or > fewer characters. A quick glance at the source code suggests that SSH 2.3.0 and 2.4.0 have the same problem. Is this true? > Use the following patch in the source code: It is not quite clear whether the license agreement permits modification of the source code. -- Florian Weimer [EMAIL PROTECTED] University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
- URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0... Stephanie Thomas
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE ... Dan Kaminsky
- Re: URGENT SECURITY ADVISORY FOR SSH SEC... Dale Southard
- Re: URGENT SECURITY ADVISORY FOR SSH... Nate Eldredge
- Re: URGENT SECURITY ADVISORY FOR SSH SEC... Brandon S. Allbery KF8NH
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE ... Michal Zalewski
- Re: URGENT SECURITY ADVISORY FOR SSH SEC... j
- Re: URGENT SECURITY ADVISORY FOR SSH SEC... Trond Eivind Glomsr�d
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE ... Jen B.
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE ... Marcus Meissner
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE ... Florian Weimer
- Re: URGENT SECURITY ADVISORY FOR SSH SEC... Thomas Roessler
- Re: URGENT SECURITY ADVISORY FOR SSH... Lucian Hudin
- RE: URGENT SECURITY ADVISORY FOR SSH... Sports
- Re: URGENT SECURITY ADVISORY FOR... Seth Arnold
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE ... Marcin Zurakowski
- Re: URGENT SECURITY ADVISORY FOR SSH SEC... Brian Carpio
- Re: URGENT SECURITY ADVISORY FOR SSH... Stephanie Thomas
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE ... Jaime BENJUMEA
- RE: URGENT SECURITY ADVISORY FOR SSH SEC... Jonathan A. Zdziarski
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE ... Roman Drahtmueller
