Authentication By-Pass Vulnerability in OpenSSH 2.3.1 (devel snapshot) (fwd)
Corinna Vinschen
cygwin@cygwin.com
Tue Feb 13 00:54:00 GMT 2001
On Mon, Feb 12, 2001 at 02:42:10PM -0700, Mark Paulus wrote:
> Do I need to do this, if I only use the ssh client?? I had a problem with 2.3.0p1,
> where it wouldn't connect to my machine @ home through my Netgear
> router/firewall. However, the latest snapshot I downloaded allows me to
> connect. I don't want to back off and lose my ability to connect unless
> you are going to kill me if I don't.
I would never kill you for any reason.
Security is everyone's own purpose. The OpenSSH team has decided
to remove all dangerous snapshots from their site. So did I.
As long as you don't use sshd it should be ok.
Corinna
> On Fri, 09 Feb 2001 08:40:18 +0100, Corinna Vinschen wrote:
>
> >FYI for those running snapshots. I have removed the openssh-20010202
> >snapshot from cygwin/latest.
> >
> >If you are using the openssh-20010202 snapshot PLEASE REVERT BACK TO
> >openssh-20001221 OR openssh-2.3.0p1.!!!
> >
> >Corinna
> >
> >---------- Forwarded message ----------
> >Date: Thu, 08 Feb 2001 18:15:00 -0500
> >From: Niels Provos <provos@citi.umich.edu>
> >To: security-announce@openbsd.org
> >Subject: Authentication By-Pass Vulnerability in OpenSSH 2.3.1 (devel
> > snapshot)
> >
> >----------------------------------------------------------------------------
> >
> > OpenBSD Security Advisory
> >
> > February 8, 2001
> >
> > Authentication By-Pass Vulnerability in OpenSSH-2.3.1
> >
> >----------------------------------------------------------------------------
> >[...]
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list