openssh bugs - Apr 2005 - [Bug 1019] Exact version should not be disclosed to hinder attacks

http://bugzilla.mindrot.org/show_bug.cgi?id=1019

           Summary: Exact version should not be disclosed to hinder attacks
           Product: Portable OpenSSH
           Version: 4.0p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: jeanmarc.gillet at axa-tech.com


At first connection to port 22, the server sends his ID string with the version
number. I think that this should be configurable (a fake version number e.g.) in
order to hinder attacks based on known vulnerabilities. Someone could gain a bit
of time in order to replace its old unsecure version of the ssh server with a
new one.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1019


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE




------- Additional Comments From dtucker at zip.com.au  2005-04-20 18:56 -------
This has been done to death several times before, please see bug #764.

*** This bug has been marked as a duplicate of 764 ***



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.