similar to: SSH and trademarks

Remote vulnerability in SSH daemon crc32 compensation attack detector ----------------------------------------------------------------------- Issue date: 8 February 2001 Author: Michal Zalewski <lcamtuf at razor.bindview.com> Contact: Scott Blake <blake at razor.bindview.com> CVE: CAN-2001-0144 Topic: Remotely exploitable vulnerability condition exists in most ssh daemon

I would also like to mention that when I released TTSSH in May 1998, I had no concerns about violating any trademarks because I observed that the name "SSH" was already being used by several different parties for different purposes --- as the name of Ylonen's original SSH package and its derivatives, as the name of the protocol, and as a component of names of other implementations

This is about 90% of the core work. I omited a few files from the patch set since they are basicly small blocks of #ifndef HAVE_NEXT/#endif to get it to compile. Daimen, feel free to let me know what you applied and what your rejecting and why.. so I can work on cleaning things up. Andre, Only thing of note you may want to look into is NeXT does not use "ut_user" in it's lastlog.

Friends, Sorry to write this to a developer mailing list. I have already approached some OpenSSH/OpenBSD core members on this, including Markus Friedl, Theo de Raadt, and Niels Provos, but they have chosen not to bring the issue up on the mailing list. I am not aware of any other forum where I would reach the OpenSSH developers, so I will post this here. As you know, I have been using the SSH

I received the following e-mail in response to an e-mail I had sent to SSH communications questioning the wisdom of their requesting OpenSSH to change it's name. Contained in the message is that statement that SSH Communications did not exert their trademark rights earlier becuase it's only recently that OpenSSH has become more visible. In the United States, this would invalidate the

On Solaris 10 (SPARC & x86), I'm seeing the following error: error: Failed to allocate internet-domain X11 display socket. I tracked this down to this code change between openssh 4.7p1 and 5.0p1: *** openssh-4.7p1/channels.c Mon Jun 25 03:04:47 2007 --- openssh-5.0p1/channels.c Wed Apr 2 15:43:57 2008 *************** *** 1,4 **** ! /* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03

CORE SDI http://www.core-sdi.com SSH1 CRC-32 compensation attack detector vulnerability Date Published: 2001-02-08 Advisory ID: CORE-20010207 Bugtraq ID: 2347 CVE CAN: CAN-2001-0144 Title: SSH1 CRC-32 compensation attack detector vulnerability Class: Boundary Error Condition Remotely Exploitable: Yes Locally Exploitable: Yes Release Mode:

All, We have recently updated our password aging to include setting inactivity days. We are running ossh 4.1p1 in a Solaris 8 environment. It appears that ossh isn't picking up on inactivity. Accounts that have been inactive still prompt to change passwords - if you telnet the same servers you get kicked out immediately. On the Solaris 9 servers running SUN's ssh the inactive accounts are

Hello; Sorry for the crosspost/repost, but I am getting desparate here. I am having difficulties setting up ssh (ossh4.3p2 - NIS -Solaris8/Sparc) to authenticate and allow ossh access based on NIS netgroup. So, users and/or host should be from a valid netgroup triple, contained within the ossh servers .rhosts, .shosts, hosts.equiv and/or shosts.equiv. I am having alot of trouble getting NIS

Here is a patch to scp made against openssh-2.1.1p2 that adds the -L option to scp. The -L option tells scp to use nonprivilaged ports (by passing ssh the -P option). The non-free ssh's scp has this option, and it is required under some firewall setups (like mine) for scp to function. Please let me know if there are any problems with this patch, or if there is anything I can do to help get

What kind of connection delays are people seeing with Ossh 2.2.0p1?? One of the programmers here is seeing delays of up to 25s, which is clearly unacceptable. He's localized the problem to seeding the random number generator - it appears that the _minimum_ number of commands needed to seed the random number generator is 16. On his hosts (for a variety of reasons), many of those commands

Good day and well met. I'm trying to compile and install openssh-4.2p1 on a Sun Ultra-250 running Solaris 8. It's not happy about something. I've searched the bug list and the mail archives but haven't seen another posting about this. Apologies if there is one and my eyes just slid right over it. I've run a configure with the following options, and with no options at

COPYING.Ylonen contains: [ GMP is now external. No more GNU licence. ] I don't see how GMP is linked in at all. rms asked me to look into this, because this might constitute a license conflict. Thanks for your help! -- No matter how big the bell, if you only tap it, it can give out only a faint sound. We must understand thoroughly that the weakness of the blow, not a fault of the bell

But the main question hasn't been answered: Why is /usr/local placed before user-specified paths? Hypothetical example: You want to link against OpenSSL 0.96 for OpenSSH, but /usr/local contains 0.95, which is needed for something else. (Assume it comes binary only on Solaris for the sake of argument...) --Matt > -----Original Message----- > From: Damien Miller [mailto:djm at

Hi all, Thanks for the answers! I've also received a couple of answers off-list, so there should be enough of us to get something rolling. I think we should start with something informal to get to know each other and see what our interests are etc. So, I've created a poll with a random slice of March here [1], so we can sync on the date / time. Please pick as many options as you can. The

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just uploaded 1.2pre13 to http://violet.ibs.com.au/openssh/ Imporant changes: - - Fixes a single-byte buffer overrun in the PAM code. - - Quite a bit more Solaris support. EGD should work now (please test). - - Lots more autoconf options to enable Kerberos, AFS, TCP Wrappers and S/Key (all untested). - - MD5 passwords for Slackware Linux

On Tue, Jan 10, 2017 at 2:31 AM, Peter A Jonsson <pj at sics.se> wrote: > Hi Kyle, > > my apologies for mailing you directly but it seems new user creation is > disabled on the llvm bugzilla. > > We sometime lose edges during IfConversion of diamonds and it’s not > obvious how to reproduce on an upstream target. The documentation for > HasFallThrough says *may*

I'm having trouble with users transferring files to a solaris box running ossh v2.3.1p1 via sftp using ssh.com's windows client. The sftp client appears not to respect the users umask, creating files with either mode 666 or 600. We're using version 2.4.0 of the windows client. Any ideas? thanks, -Brett ----------------- Brett Longworth Systems Manager Department of Biology

Hi! I was browsing through archives and found out that somebody else was having the same problem as I'm. http://bugzilla.mindrot.org/show_bug.cgi?id=248 from the client, when I run scp to the server, I get: scp: warning: Executing scp1 compatibility. scp: FATAL: Executing ssh1 in compatibility mode failed (Check that scp1 is in your PATH). There are more details about this problem here:

Scenario: Use the ssh-keygen utility in openssh-1.2pre17 to generate a host key Kill and restart sshd Remove the old host key from ~/.ssh/known_hosts Connect to the host using ssh. I get this: homer.ka9q.ampr.org$ ssh 199.106.106.3 who The authenticity of host '199.106.106.3' can't be established. Key fingerprint is 1024 a0:8d:17:f0:fa:a9:9f:6f:b5:d0:1c:d6:02:92:bd:5e. Are you sure