[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] SSH Secure Shell Authentication Bypass Vulnerability
- Subject: Re: [cobalt-security] SSH Secure Shell Authentication Bypass Vulnerability
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Wed, 25 Jul 2001 02:23:31 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Wed, 25 Jul 2001, R. Hamburg wrote:
> > Recommendations:
> >
> > Detailed exploit information has been released publicly, and ISS X-Force
> > urges system administrators to upgrade to the latest version of SSH
> > Secure Shell made available by SSH Communications Security, Inc. SSH
> > Communications Security, Inc. has announced a new version of SSH that
> > contains a fix for this vulnerability. ISS X-Force recommends that all
> > SSH Secure Shell 3.0.0 users upgrade to SSH Secure Shell 3.0.1
> > immediately. The new version is available at the following addresses:
> >
>
>
> How do we do a version check ???
>
>
> Thanks !
>
> - Robbert
>
Cobalts don't run SSH from SSH communications. They run OpenBSD's OpenSSH.
I installed SSH from SSH communications not a long time ago, and my
version is 2.4.0, it's quite bizzar that it's already so many releases
went out. Anyhow, not relevant to people who installed from cobalt.
To check your version, simply telnet to your machine at the port you've
set for SSH (if you haven't set a port, it's 22 by default...)
- shimi.