[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Upcoming OpenSSH vulnerability

To: misc@openbsd.org
Subject: Re: Upcoming OpenSSH vulnerability
From: Ben Goren <ben@trumpetpower.com>
Date: Tue, 25 Jun 2002 17:59:07 -0700
Content-Disposition: inline
References: <20020625090816.B24304@diabolic-cow.chatgris.net> <200206250912.g5P9CRLI028429@cvs.openbsd.org>
User-Agent: Mutt/1.2.5.1i

On Tue, Jun 25, 2002 at 03:12:27AM -0600, Theo de Raadt wrote:

> > Does it  means that  this bug  can be  exploited when  sshd is
> > running with "PermitRootLogin yes" ?
>
> Maybe yes, maybe no.
>
> Note I've  not answered your  question either way.  So  what are
> you going to do?  Perhaps follow the instructions I sent?

I have.

A  related but  different question:  best practices  dictate using
sudo and  not logging in  as root. Regardless of the  current bug,
are there non-policy reasons to avoid ``PermitRootLogin yes''?

Sincerely,

b&

--
Ben Goren
 mailto:ben@trumpetpower.com
 http://www.trumpetpower.com/
 icbm:33o25'37"N_111o57'32"W

[demime 0.98d removed an attachment of type application/pgp-signature]

Follow-Ups:
- Re: Upcoming OpenSSH vulnerability
  - From: "veins" <veins@skreel.org>
- Re: Upcoming OpenSSH vulnerability
  - From: Scott Francis <darkuncle@darkuncle.net>

References:
- Re: Upcoming OpenSSH vulnerability
  - From: Rémi Guyomarch <rguyom@pobox.com>
- Re: Upcoming OpenSSH vulnerability
  - From: Theo de Raadt <deraadt@cvs.openbsd.org>

Prev by Date: Re: privsep checking
Next by Date: Re: Upcoming OpenSSH vulnerability
Prev by thread: Re: Upcoming OpenSSH vulnerability
Next by thread: Re: Upcoming OpenSSH vulnerability
Index(es):
- Date
- Thread