On Sat, Feb 10, 2001 at 07:55:17AM -0800, Joshua R. Poulson wrote:
> > I just read Razor's vulnerability advisory, as reported on slashdot.
> >
> > Any truth to it, or is it another wannabe ?
> >
> > Why wasn't this reported on this list, before or at least at the same time
> > the advisory was released ? It seems serious to me...
>
> It's real enough for most vendors to respond. I think you want
> to make sure your servers have at least 1.2.30/2.4.0 or
> openssh 2.3.0p1 at this point.
well, 1.2.30 does not contain a fix for this problem.
> Van Dyke also released SecureCRT 3.2.1 to deal with this.
>
> I would not be surprised to see other vendors responding.
-markus
