Subject: Re: Fwd: OpenSSH UseLogin proof of concept exploit
To: None <firstname.lastname@example.org, email@example.com>
From: Jan Schaumann <firstname.lastname@example.org>
Date: 12/05/2001 23:31:33
Lubomir Sedlacik <salo@Xtrmntr.org> wrote:
> On Wed, Dec 05, 2001 at 06:55:20PM -0800, Jonathan R. Hinds wrote:
> > I am fairly sure this has been fixed as of OpenSSH 3.0.2p1 -- released
> > December 2nd.
> that could be true. i do not argue. but there is nothing at OpenSSH's website
> about this vulnerability (http://www.openssh.com/security.html), there was no
> security advisory sent to email@example.com. and afaik, i haven't seen
> this anywhere except today's post to vuln-dev (nothing in bugtraq, ..).
There was a message to firstname.lastname@example.org (Message-ID:
<3C0CF8A2.9CC14DE4@clavister.se>, Date: Tue, 04 Dec 2001 17:24:02
+0100), which announced 3.0.2 and mentioned that this release fixed the
UseLogin vulernability. JFTR.