SSH vulnerability

Keiran Smith affix at FedoraProject.org
Tue May 19 16:59:47 UTC 2009


Hey Mike,

That is a very interesting find to me personally. System and Software
Security is something I have great interest in. I am a security advisor in a
datacenter in the UK. However, the article
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt says this is a
very severe attack although the possibility of a successful attack is very
low. But you can never be too careful about these things.
Software vendors may be getting more technologically advanced but so are
exploit coders. For example, PHP addslashes() was added to stop SQL Injection
exploits by adding a slash to every quotation. Attackers realised PHP didn't
parse HEX code but MySQL Server did. This makes me wonder if the possibility
of an attack using this vulnerability is fairly high rather than low.

On Tue, May 19, 2009 at 5:49 PM, Mike McGrath <mmcgrath at redhat.com> wrote:

> If y'all see an ssh session dropping constantly (like, 11356 times :) let
> me know.
>
> http://www.openssh.com/txt/cbc.adv
>
>        -Mike



-- 
Keiran Smith
- Fedora Ambassador / BugZapper - <affix at fedoraproject.org>
- Free Software Foundation Associate - <keiran.smith at member.fsf.org>
- http://keiran-smith.net
- Call me on +44 (0) 131 208 4347