search for: devconsol

....com/2014/07/openssh-user-enumeration-time-based.html I would like to point out that there is another vulnerability present in the bug, it's possible in certain circumstances to provoke a DOS condition in the access to the ssh server, I made a brief study of this possibility here: https://www.devconsole.info/?p=382 and included this attack in my tool that exploit this vulnerability: https://github.com/c0r3dump3d/osueta It's necessary to request another CVE-ID for the DOS attack? At least, I think it should be clarified in the announce of the vulnerability. Regards.

Hi, OpenSSH 5.3 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is