On Thu, 16 Sep 2004, Jeff wrote:

> Just to follow on from this - does OpenSSH 3.6.1p2 have a serious vuln.
> that I don't know about? Anyone got a link?
>
> Jeff

You can do a google, or check out the rpm change log for openssh.

I'm not sure about specific vulnerabilities on specific versions (I just ensure that I'm always patched), but I *do* know that version 1 of the ssh protocol is seriously flawed, and that it's enabled by default on RH installations. You need to edit /etc/ssh/sshd_config and modify the Protocol line to only have Protocol 2.

Piece of trivia: In the second Matrix movie, you'll see Trinity hack into a computer. She uses a known exploit of the ssh v1 protocol to do it. :)

Ben
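
An added example, not part of the message above: a small check for the Protocol line in an sshd_config file. The function name check_ssh_protocol and the sample configs are constructed for illustration; "unset" means no active Protocol line was found, so the daemon falls back to its built-in default.

```shell
#!/bin/sh
# check_ssh_protocol FILE  (hypothetical helper, added for illustration)
# Prints one of:
#   v2-only     the effective Protocol line lists only version 2
#   v1-enabled  the effective Protocol line lists version 1
#   invalid     a Protocol line exists but names neither 1 nor 2
#   unset       no active Protocol line; the daemon's default applies
check_ssh_protocol() {
    awk '
        # Commented-out and blank lines have no effect.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # Keyword and values may be separated by blanks or "=";
            # versions are comma-separated ("2,1").
            n = split(line, f, /[ \t=,]+/)
            # Keywords are case-insensitive.
            if (tolower(f[1]) != "protocol") next
            v1 = 0; v2 = 0
            for (i = 2; i <= n; i++) {
                if (f[i] == "1") v1 = 1
                if (f[i] == "2") v2 = 1
            }
            if (v1)      print "v1-enabled"
            else if (v2) print "v2-only"
            else         print "invalid"
            # sshd keeps the first value it reads, so stop here.
            found = 1
            exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample configs (not taken from a real host).
tmp=$(mktemp -d)
printf '#Protocol 2,1\nPort 22\n'               > "$tmp/commented"
printf 'Port 22\nprotocol 2,1\nProtocol 2\n'    > "$tmp/shadowed"
printf 'Port 22\nProtocol 2\n'                  > "$tmp/fixed"
for name in commented shadowed fixed; do
    printf '%s: %s\n' "$name" "$(check_ssh_protocol "$tmp/$name")"
done
rm -rf "$tmp"
```

The "shadowed" sample shows why appending a new Protocol 2 line below an existing one is not enough: the earlier line still wins. After editing, sshd has to be restarted or reloaded for the change to take effect.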