Open Source and information security mailing list archives
Message-ID: <23cvqlxolwlgcg5arqmwk4ww.1383955608199@email.android.com>
Date: Fri, 08 Nov 2013 19:06:48 -0500
From: Harry Hoffman <hhoffman@...solutions.net>
To: coderman <coderman@...il.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: OpenSSH Security Advisory: gcmrekey.adv

It would be interesting to know how many people fall into this combination.

Fedora 19 has the correct version and cipher suite.

Redhat AS/Enterprise 6 has an earlier version of OpenSSH so presumably not vulnerable (but I haven't tested).

So that leaves Ubuntu as the other major Linux distro who might run a recent enough version.

I haven't checked *bsds or open Solaris.

Cheers,
Harry

coderman <coderman@...il.com> wrote:

>On Fri, Nov 8, 2013 at 10:56 AM, CERT OPS Marienfeldt
><cert.marienfeldt@...il.com> wrote:
>> "If exploited, this vulnerability might permit code execution
>> with the privileges of the authenticated user"
>>
>> might explain the absence ;-)
>
>
>how many integrations and services auth without shell? /sbin/nologin
>to /sbin/privescalate ...
>
>tough crowd. i leave you to your preauth remote exec fantasies,
>
>;)
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/