Hey Mike,<br><br>That is a very interesting find to me personally. System and Software Security is something I have great interest in. I am a security advisor in a datacenter in the UK. However the article <a href="http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt">http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt</a> says this is a very severe attack although the possibility of a sucessful attack is Very low. But you can never be too careful about these things.<br>
Software vendors may be getting more technicologically advanced but so are exploit coders. For example PHP addslashes() was added to stop SQL Injection exploits by adding a slash to every quotation. Attackers realised PHP didnt parse HEX code but mySQL Server did. This makes me wonder if The posibility of an attack using this vulnerability is fairly high rather than low.<br>
<br><div class="gmail_quote">On Tue, May 19, 2009 at 5:49 PM, Mike McGrath <span dir="ltr"><<a href="mailto:mmcgrath@redhat.com">mmcgrath@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
If y'all see an ssh session dropping constantly (like, 11356 times :) let<br>
me know.<br>
<br>
<a href="http://www.openssh.com/txt/cbc.adv" target="_blank">http://www.openssh.com/txt/cbc.adv</a><br>
<br>
-Mike<br>
<br>
_______________________________________________<br>
Fedora-infrastructure-list mailing list<br>
<a href="mailto:Fedora-infrastructure-list@redhat.com">Fedora-infrastructure-list@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>Keiran Smith<br>- Fedora Ambassador / BugZapper - <<a href="mailto:affix@fedoraproject.org">affix@fedoraproject.org</a>><br>- Free Software Foundation Associate - <<a href="mailto:keiran.smith@member.fsf.org">keiran.smith@member.fsf.org</a>><br>
- <a href="http://keiran-smith.net">http://keiran-smith.net</a><br>- Call me on +44 (0) 131 208 4347<br>