Subject: Re: Fwd: OpenSSH UseLogin proof of concept exploit
To: None <netbsd-users@netbsd.org, tech-security@netbsd.org>
From: Jan Schaumann <jschauma@netmeister.org>
List: tech-security
Date: 12/05/2001 23:31:33
Lubomir Sedlacik <salo@Xtrmntr.org> wrote:

> On Wed, Dec 05, 2001 at 06:55:20PM -0800, Jonathan R. Hinds wrote:
> > I am fairly sure this has been fixed as of OpenSSH 3.0.2p1 -- released
> > December 2nd.
> 
> that could be true. i do not argue. but there is nothing at OpenSSH's website
> about this vulnerability (http://www.openssh.com/security.html), there was no
> security advisory sent to tech-security@netbsd.org. and afaik, i haven't seen
> this anywhere except today's post to vuln-dev (nothing in bugtraq, ..).

There was a message to bugtraq@securityfocus.com (Message-ID:
<3C0CF8A2.9CC14DE4@clavister.se>, Date: Tue, 04 Dec 2001 17:24:02
+0100), which announced 3.0.2 and mentioned that this release fixed the
UseLogin vulernability.  JFTR.

-Jan

-- 
http://www.netmeister.org
http://guinness.cs.stevens-tech.edu/~jschauma/