Rick Warner wrote:

>> Leaving aside for a moment the fact that the Sun admin needs his/her
>> head checked for having telnet open in the first place (it appears
>> that the telnet buffer overflow from last summer was patched ... in
>> _January_), you should probably try 'export TERM=vt100' before
>> connecting and see if that helps.
>>
>> If, on the other hand, it is you that administers this Sun box, then
>> *thwap* to you for not killing telnet ages ago.

>Nothing wrong with telnet in a firewalled environment, unless you are
>worried about your users.

I'll sidestep a lengthy discussion of best practices, but that isn't true. If you pass cleartext internally, any breach results in ownership of all your passwords.

>OpenSSH has had a much more checkered security history in the past
>few months. Recently: the issue last week with multiple channels,
>then the zlib issue announced yesterday. Two upgrades in one week
>for security issues! Now which protocol is the bigger security
>threat? Think the answer is equivocal at this time.

I'm not sure I'd equate a 4-month-old remotely exploitable buffer overflow with a locally-exploitable vulnerability (*) that was patched in hours. But that's just my opinion. As for zlib, not only is its effect on sshd incidental, but its potential ramifications extend to a dizzying array of software on both Unix and Win32, so I'm not sure that's relevant in this case.

-d

(*) The recent OpenSSH bug cannot be used to remotely compromise a server.

-- 
David Talkington
PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp