Security Incidents mailing list archives

Re: SSH2 Exploit?


From: stany () NOTBSD ORG (//Stany)
Date: Wed, 16 Feb 2000 09:44:22 -0500


On Tue, 15 Feb 2000, Mike Tancsa wrote:
At 10:42 AM 2/11/2000 -0500, Jonathan A. Zdziarski wrote:
I know the latest qpopper has exploits which is why we use the pre-beta
versions.  I've since wrapped ssh to run from inetd, and prevented any
connections outside of our network.

2.53 has remote exploits ?  Can you point me to the corresponding BUGTRAQ
post ?  If not, please post to the list what the exploit is.

2.53 is not the latest qpopper anymore.  3.0 betas are, and while in b32
and earlier there were some security problems, b34 seems to fix them.
Of course, as the source code have not yet been audited by large number of
people, the could be more problems with the qpopper 3.0 that were either
not uncovered yet, or are being kept private by the people who found them.

To the best of my knowledge, qpopper 2.53 is rather secure.

         ---Mike

HTH. HAND.

Signed:
//Stany

--
+-------+ Stanislav N Vardomskiy - Procurator Odiosus Ex Infernis[TM] +-------+
| "Backups we have; it's restores that we find tricky." Richard Letts at ASR  |
| This message is powered by JOLT!  For all the sugar and twice the caffeine. |
+--------+ My words are my own.  LARTs are provided free of charge. +---------+



Current thread: