|
Full Disclosure
mailing list archives
Re: OpenSSH Security Advisory: gcmrekey.adv
From: Harry Hoffman <hhoffman () ip-solutions net>
Date: Fri, 08 Nov 2013 19:06:48 -0500
It would be interesting to know how many people fall I to this combination.
Fedora 19 has the correct version and cipher suite.
Redhat AS/Enterprise 6 has a earlier version of OpenSSH so presumably not vulnerable (but I haven't tested ).
So that leaves Ubuntu as the other major Linux distro who might run a recent enough version.
I haven't checked *bsds or open Solaris.
Cheers,
Harry
coderman <coderman () gmail com> wrote:
On Fri, Nov 8, 2013 at 10:56 AM, CERT OPS Marienfeldt
<cert.marienfeldt () gmail com> wrote:
"If exploited, this vulnerability might permit code execution
with the privileges of the authenticated user"
might explains the absence ;-)
how many integrations and services auth without shell? /sbin/nologin
to /sbin/privescalate ...
tough crowd. i leave you to your preauth remote exec fantasies,
;)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
