Security Incidents mailing list archives
Re: SSH2 Exploit?
From: stany () NOTBSD ORG (//Stany)
Date: Wed, 16 Feb 2000 09:44:22 -0500
On Tue, 15 Feb 2000, Mike Tancsa wrote:
At 10:42 AM 2/11/2000 -0500, Jonathan A. Zdziarski wrote:I know the latest qpopper has exploits which is why we use the pre-beta versions. I've since wrapped ssh to run from inetd, and prevented any connections outside of our network.2.53 has remote exploits ? Can you point me to the corresponding BUGTRAQ post ? If not, please post to the list what the exploit is.
2.53 is not the latest qpopper anymore. 3.0 betas are, and while in b32 and earlier there were some security problems, b34 seems to fix them. Of course, as the source code have not yet been audited by large number of people, the could be more problems with the qpopper 3.0 that were either not uncovered yet, or are being kept private by the people who found them. To the best of my knowledge, qpopper 2.53 is rather secure.
---Mike
HTH. HAND. Signed: //Stany -- +-------+ Stanislav N Vardomskiy - Procurator Odiosus Ex Infernis[TM] +-------+ | "Backups we have; it's restores that we find tricky." Richard Letts at ASR | | This message is powered by JOLT! For all the sugar and twice the caffeine. | +--------+ My words are my own. LARTs are provided free of charge. +---------+
Current thread:
- Re: Recent DDoS, (continued)
- Re: Recent DDoS Vanja Hrustic (Feb 09)
- Re: Recent DDoS (was Ping flood? Whats the point?) Kerry Baker (Feb 09)
- Re: Recent DDoS (was Ping flood? Whats the point?) Eivind Eklund (Feb 11)
- SSH2 Exploit? Jonathan A. Zdziarski (Feb 09)
- Re: SSH2 Exploit? Alexander Kiwerski (Feb 10)
- Re: SSH2 Exploit? Richard Trott (Feb 10)
- Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
- Re: SSH2 Exploit? Jonathan A. Zdziarski (Feb 11)
- Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
- Re: SSH2 Exploit? Mike Tancsa (Feb 15)
- Re: SSH2 Exploit? //Stany (Feb 16)
- Re: SSH2 Exploit? sysadmin (Feb 16)
- AdForce hitting odd ports Rick Tortorella (Feb 11)
- UDP to 161 CL: Nelson, Jeff (Feb 10)
- Re: UDP to 161 Pavel Kankovsky (Feb 15)
- Re: UDP to 161 Ryan Russell (Feb 15)
- Re: UDP to 161 CyberPsychotic (Feb 16)
- Re: UDP to 161 Russell Fulton (Feb 15)
- Re: Private networks and home.{net|com} Andy Smith (Feb 09)
- massive unapproved AXFR's and odd rcvd NOTIFY's Paul Wouters (Feb 09)
- Re: massive unapproved AXFR's and odd rcvd NOTIFY's Francis A. Vidal (Feb 09)
