Full Disclosure mailing list archives
Re: OpenSSH Security Advisory: gcmrekey.adv
From: Harry Hoffman <hhoffman () ip-solutions net>
Date: Fri, 08 Nov 2013 19:06:48 -0500
It would be interesting to know how many people fall I to this combination. Fedora 19 has the correct version and cipher suite. Redhat AS/Enterprise 6 has a earlier version of OpenSSH so presumably not vulnerable (but I haven't tested ). So that leaves Ubuntu as the other major Linux distro who might run a recent enough version. I haven't checked *bsds or open Solaris. Cheers, Harry coderman <coderman () gmail com> wrote:
On Fri, Nov 8, 2013 at 10:56 AM, CERT OPS Marienfeldt <cert.marienfeldt () gmail com> wrote:"If exploited, this vulnerability might permit code execution with the privileges of the authenticated user" might explains the absence ;-)how many integrations and services auth without shell? /sbin/nologin to /sbin/privescalate ... tough crowd. i leave you to your preauth remote exec fantasies, ;) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- OpenSSH Security Advisory: gcmrekey.adv coderman (Nov 08)
- Re: OpenSSH Security Advisory: gcmrekey.adv yersinia (Nov 09)
- Re: OpenSSH Security Advisory: gcmrekey.adv CERT OPS Marienfeldt (Nov 09)
- Re: OpenSSH Security Advisory: gcmrekey.adv coderman (Nov 08)
- <Possible follow-ups>
- Re: OpenSSH Security Advisory: gcmrekey.adv Harry Hoffman (Nov 08)
- Re: OpenSSH Security Advisory: gcmrekey.adv Bob Man Van Kim (Nov 09)
- Re: OpenSSH Security Advisory: gcmrekey.adv coderman (Nov 09)
- Re: OpenSSH Security Advisory: gcmrekey.adv Bob Man Van Kim (Nov 09)