On Fri, Nov 8, 2013 at 7:47 PM, coderman coder...@gmail.com wrote:
surprised not a peep about this one here yet,... hmmm
a fun one ;)
we are accustomed to old software adding risk;
new (secondary effects of combined AUTH+ENC modes)
also carries risk!
Well know possibility, yes. In any
If exploited, this vulnerability might permit code execution
with the privileges of the authenticated user
might explains the absence ;-)
Have a good one :-)
On 08.11.13 19:47, coderman wrote:
surprised not a peep about this one here yet,... hmmm
a fun one ;)
we are accustomed
Actually, guys... im wondering if the lack of response is due to falling
user participation... what do you think about doing a promotion in Twitter
to bring more people into the mix here?
--
Robert Q Kim
Printing and Logistics In Hong Kong and Japan
http://www.youtube.com/watch?v=YrKx38pMlEo
surprised not a peep about this one here yet,... hmmm
a fun one ;)
we are accustomed to old software adding risk;
new (secondary effects of combined AUTH+ENC modes)
also carries risk!
---
OpenSSH Security Advisory: gcmrekey.adv
This document may be found at:
On Fri, Nov 8, 2013 at 10:56 AM, CERT OPS Marienfeldt
cert.marienfe...@gmail.com wrote:
If exploited, this vulnerability might permit code execution
with the privileges of the authenticated user
might explains the absence ;-)
how many integrations and services auth without shell?
It would be interesting to know how many people fall I to this combination.
Fedora 19 has the correct version and cipher suite.
Redhat AS/Enterprise 6 has a earlier version of OpenSSH so presumably not
vulnerable (but I haven't tested ).
So that leaves Ubuntu as the other major Linux distro who
On Fri, Nov 8, 2013 at 8:28 PM, Bob Man Van Kim evdo.hs...@gmail.com wrote:
Actually, guys... im wondering if the lack of response is due to falling
user participation...
clearly we need more vulnerable installations. please reply with to
this email with your IPv4 listen addr and port once