Displaying 20 results from an estimated 1000 matches similar to: "Does anyone know anything about this "0-day" ssh vulnerability?"
2008 Nov 21
3
OpenSSH security advisory: cbc.adv
OpenSSH Security Advisory: cbc.adv
Regarding the "Plaintext Recovery Attack Against SSH" reported as
CPNI-957037[1]:
The OpenSSH team has been made aware of an attack against the SSH
protocol version 2 by researchers at the University of London.
Unfortunately, due to the report lacking any detailed technical
description of the attack and CPNI's unwillingness to share necessary
2009 Feb 16
9
Call for testing: openssh-5.2
Hi,
OpenSSH 5.2 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is primarily a bug-fix
release, to follow the feature-focused 5.1 release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable
2003 Mar 15
2
restricing port forwarding ports server-side
I'm curious as to whether or not there is a way to restrict forwarded ports
server side. For instance, I'm running an IRC server and am allowing users
to connect via ssh forwarding (so I can take advantange of using openssh's
public key method for authentication). Each client I tell to setup their
~/.ssh/config in a certain way, but the relevant line is:
LocalForward 6667
2003 Nov 04
1
Veractiy and FreeBSD
I'm trying to get veracity (http://www.rocksoft.com/veracity/), a tripwire
replacement, working on FreeBSD 5.x. When I try and create a snapshot I get
the following error for files sitting on my root partition:
-- snip snip --
csh.logout
E: Error opening binary (B) stream of file
"/etc/csh.logout".
(OS error message="File is on the procfs (/proc)
2011 Mar 04
2
remote DoS in sftp via crafted glob expressions (CVE-2010-4755)
Hi folks.
We were made aware of a MITRE CVE assignment on OpenSSH for a remote DoS
in sftp, described as:
The (1) remote_glob function in sftp-glob.c and the (2) process_put
function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3
and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote
authenticated users to cause a denial of service (CPU and memory
consumption) via
2002 Oct 10
3
pks for openssh
I was directed to the following site by one of our customers regarding
a keyserver built into openssh. There's a patch for 3.4p1 on their
site, but the license isn't very clear, nor is it clear if they have
approached the openssh team regarding the inclusion of this subsystem
into openssh proper.
I've been asked to patch Mandrake's openssh with this feature, but I'm
2015 Jun 15
5
OpenSSH and CBC
Hello,
I saw that OpenSSH release 6.7 removed all CBC ciphers by default. Is
CBC therefore considered as broken and unsecure (in general or SSH
implementation)?
I also read a lot of references (see below) but still not clear to me
what's the actual "security status" of CBC and why it has been removed
in general.
http://www.openssh.com/txt/release-6.7
sshd(8): The default set
2011 Aug 04
3
[Announce] Samba 3.5.11 Available for Download
===================================================================
"Birthdays are nature's way of
telling us to eat more cake."
Source Unknown
==================================================================
Release Announcements
=====================
This is the latest stable release of Samba 3.5.
Major enhancements in Samba 3.5.11 include:
o Fix access to
2011 Aug 04
3
[Announce] Samba 3.5.11 Available for Download
===================================================================
"Birthdays are nature's way of
telling us to eat more cake."
Source Unknown
==================================================================
Release Announcements
=====================
This is the latest stable release of Samba 3.5.
Major enhancements in Samba 3.5.11 include:
o Fix access to
2000 Aug 18
0
[RHSA-2000:052-04] Zope update
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Zope update
Advisory ID: RHSA-2000:052-04
Issue date: 2000-08-11
Updated on: 2000-08-18
Product: Red Hat Powertools
Keywords: Zope
Cross references: N/A
2009 Feb 23
0
Announce: OpenSSH 5.2 released
OpenSSH 5.2 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We have also recently completed another Internet SSH usage scan, the
results of which may be found at http://www.openssh.com/usage.html
Once again, we
2009 Feb 23
0
Announce: OpenSSH 5.2 released
OpenSSH 5.2 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We have also recently completed another Internet SSH usage scan, the
results of which may be found at http://www.openssh.com/usage.html
Once again, we
2008 Nov 21
0
OpenSSH security advisory: cbc.adv
OpenSSH Security Advisory: cbc.adv
Regarding the "Plaintext Recovery Attack Against SSH" reported as
CPNI-957037[1]:
The OpenSSH team has been made aware of an attack against the SSH
protocol version 2 by researchers at the University of London.
Unfortunately, due to the report lacking any detailed technical
description of the attack and CPNI's unwillingness to share necessary
2009 Feb 18
0
FW: Call for testing: openssh-5.2
Whoops -- sent to wrong address...
Mandriva 2008.1 openssh-SNAP-20090218 passes all tests.
> -----Original Message-----
> From: Scott Neugroschl
> Sent: Tuesday, February 17, 2009 10:06 AM
> To: Damien Miller
> Subject: RE: Call for testing: openssh-5.2
>
> Mandriva 2008.1 -- openssh-SNAP-20090218 passes
>
>
> -----Original Message-----
> From:
2003 Nov 04
0
veracity & freebsd (freebsd-security Digest, Vol 32, Issue 2)
>I'm trying to get veracity (http://www.rocksoft.com/veracity/), a tripwire
>replacement, working on FreeBSD 5.x. When I try and create a snapshot I get
>the following error for files sitting on my root partition:
>
>-- snip snip --
>
> csh.logout
> E: Error opening binary (B) stream of file
> "/etc/csh.logout".
> (OS error
2017 Dec 24
2
OpenSSH key signing service?
Besides ssh.com?s PrivX product, has anyone created a web service that can be used to issue temporary certkeys to authenticated users?
Any pointers appreciated!
jd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2393 bytes
Desc: not available
URL:
2009 Jul 14
1
thought's on hostgator's "patch"
I realize the recent ssh exploit rumors appear to be false.
However I've not saw any comments on hostgator's "patch"
http://67.18.54.2/~davec/ssh_exploit_fix.txt
They continue to talk as if they have inside information.
Comments?
2008 Nov 18
0
Alleged OpenSSH vulnerability
Hi,There is an alleged OpenSSH vulnerability, see http://www.cpni.gov.uk/Products/alerts/3718.aspx.According to this vulnerability an attacker can potentially recover 32 bits of plaintext from an arbitrary block of ciphertext.
After having read the vulnerability note in more detail, my understanding is that the 32 bits of plaintext do not come from the exchange between the client and server of the
2010 Dec 15
2
Building RPM for Openssh5.6p1 fails on RHEL 6.0
All,
I am trying to build openssh-5.6p1 using the SPEC file on RHEL 6 and I am
receiving this
error:
[root@**** SPECS]# rpmbuild -bb openssh.spec
error: line 47: Unknown tag: Copyright : BSD
Also,
I read that the umask functionality in this one has issues. Does it
work in the 5.5 source?
Any help would be appreciated.
2016 Apr 15
1
Heteroscedasticity in a percent-cover dataset
Hi,
I am currently trying to do a GLMM on a dataset with percent cover of
seagrass (dep. var) and a suite of explanatory variables including algal
(AC) and epiphyte cover (EC), rainfall, temperature and sunshine hours.
M2=glmer(SG~AC+EC+TP+SS+RF+(1|Location/fSi/fTr),
family=binomial,data=data,nAGQ=1)
As the dependent variable is percent cover, I used a binomial error
structure. I also have a