Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
From: Yves-Alexis Perez <corsac () debian org>
Date: Fri, 27 Jan 2012 11:40:47 +0100

On jeu., 2012-01-26 at 19:49 -0500, Marc Deslauriers wrote:
Please use CVE-2012-0814 for this issue. Also please let me know if
other Linux distributions are affected!

Looks like this (I haven't tried...):


By the way, is the ForceCommand (and other directives) really supposed
to be private for different keys (or, more widely, for different matches
for the same user).


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]