RE: SSH problemer(was: Hvor lang tid har DU til at patche dine se rvere ?)

From: Henrik Kramshøj (none@henrik.kramshoj--vigilante.com.lh.bsd-dk.dk)
Date: Tue 24 Jul 2001 - 12:56:34 CEST

Next message: Mourad de Riche: "Re: FreeBSD...vs OpenBSD -> Solaris"
Previous message: Munish Chopra: "Re: FreeBSD...vs OpenBSD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

From: Henrik Kramshøj <none@henrik.kramshoj--vigilante.com.lh.bsd-dk.dk>
To: "'bsd-dk@bsd-dk.dk'" <none@bsd-dk--bsd-dk.dk.lh.bsd-dk.dk>
Subject: RE: SSH problemer(was: Hvor lang tid har DU til at patche dine se rvere ?)
Date: Tue, 24 Jul 2001 12:56:34 +0200

Eksempel på dårlig kode:
#include <stdio.h>
main(){printf("Hello mom!\n");}

Jeg checker hverken på returkode for printf() eller noget.

Kode er per definition fyldt med fejl (især kode skrevet af mig :-) )
- hvor jeg med fejl mener at der ikke tages hensyn til "uventede"
hændelser såsom malloc() uden check på returkode m.m.

For advisory om SSH:
(med vilje det mest generelle advisory om SSH, for at undgå
min SSH er bedre end din SSH krige :-) )
http://www.securityfocus.com/advisories/3087
** Vulnerable:

     SSH 1.2.x (ssh.com) -- all recent releases
     F-SECURE SSH 1.3.x -- all recent releases
     OpenSSH prior to 2.3.0 (unless SSH protocol 1 support is disabled)
     OSSH 1.5.7 (by Bjoern Groenvall) and other ssh1/OpenSSH derived
     daemons

Så ja OpenSSH og OpenBSD har også fejl (bare færre end de andre :-) )

Mvh

Henrik Lund Kramshøj

PS Jeg satser på ikke at sende flere mails idag :-) Jeg skal jo arbejde
fra tid til anden.

henrik.kramshoj@vigilante.com
Group Manager/Security Engineer
___________________
VIGILANTe - Assuring Internet Security
www.vigilante.com

Company Phone +45 7020 6565
Direct Phone +45 7731 6584
Mobile Phone +45 2026 6000

-----Original Message-----
From: Flemming Laugaard [mailto:Flemming.Laugaard@uni-c.dk]
Sent: 24. juli 2001 12:36
To: bsd-dk@bsd-dk.dk
Subject: Re: Hvor lang tid har DU til at patche dine servere ?

Hejsa

Lige mine 2cent :)

> og eftersom SSH 3.0.0 fra SSH Comm. ligeledes har et graverende hul
> http://www.securityfocus.com/archive/1/198404
> var ovenstående blot et eksempel ...

OpenSSH ( http://www.openssh.com ) har vist ikke samme problemer.

> Synes I jeg er paranoid ?

Egenligt ikke .... maaske er det spoergsmaalet om du er paranoid nok ?!? ;)

Flemming Laugard

---------------------
Nu ogsaa med CISSP

>>>> VIGILANTe.com NOTICE - AUTOMATICALLY INSERTED <<<<

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.

Any opinions expressed in this email are those of the individual and not
necessarily the Company.

If you receive this transmission in error, please email to
postmaster@vigilante.com, including a copy of this message. Please then
delete this email and destroy any copies of it.

>>>>>>>>>>>>>>>>>>>>>>>>>> DISCLAIMER END <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Next message: Mourad de Riche: "Re: FreeBSD...vs OpenBSD -> Solaris"
Previous message: Munish Chopra: "Re: FreeBSD...vs OpenBSD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b30 : Wed 15 Nov 2006 - 18:24:12 CET