Subject: Re: Fwd: OpenSSH UseLogin proof of concept exploit
To: Lubomir Sedlacik <salo@Xtrmntr.org>
From: Jonathan R. Hinds <jon@fork.yi.org>
List: tech-security
Date: 12/05/2001 18:55:20

I am fairly sure this has been fixed as of OpenSSH 3.0.2p1 -- released
December 2nd.


--jon

On Thu, 6 Dec 2001, Lubomir Sedlacik wrote:

> hi,
>
> confirmed on:
>
> NetBSD 1.5X  - OpenSSH_2.9 NetBSD_Secure_Shell-20010624
> NetBSD 1.5.2 - OpenSSH_2.5.1 NetBSD_Secure_Shell-20010614
>
> everyone who uses "UseLogin yes" and has key authentication allowed for local
> users, please at least set "UseLogin no" or comment it out.
>
>