lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: BlueBoar at thievco.com (Blue Boar) Subject: new ssh exploit? Bennett Todd wrote: > This last one broke my camel's back. OpenSSH sshd begone. And so it > has. Cool! <snip> > Right now I wouldn't run an OpenSSH sshd exposed to the internet; > lshd is fine there. People who can't get sshv2 clients can go away. Out of curiosity, what leads you to believe that lshd will be better in terms of future bugs vs. OpenSSH? You specifically mentioned OpenSSL libs and SSHv1 support as concerns with OpenSSH. And sure, it seems unlikely that they just got the very last bug. You also talk about a number of libraries needed by lshd, and some other things that aren't quite fully implemented in it yet. Is it just a matter of having some diversity? BB
Powered by blists - more mailing lists