[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] SSH Exploit Request

To: Robert Davies <phantasm@textbox.net>
Subject: Re: [Full-Disclosure] SSH Exploit Request
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 13 Nov 2003 22:08:55 +0100

Robert Davies wrote:

> A service is flawed in one way or another, patch it! If the vendor says the
> service is broke in some way, believe them, get off your lazy ass and get
> patching. If you are the admin, do your job and quit whining!

The OpenSSH maintainers lured Debian into distributing a vulnerable
OpenSSH version by issuing a security advisory (the version distributed
by Debian at that time was not vulnerable).

I'm sorry, things aren't always as easy as you assume.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] SSH Exploit Request
  - From: Valdis.Kletnieks@vt.edu
- RE: [Full-Disclosure] SSH Exploit Request
  - From: "Robert Davies" <phantasm@textbox.net>

Prev by Date: Re: [Full-Disclosure] new worm - "warm-pussy.jpg".
Next by Date: Re: [Full-Disclosure] SSH Exploit Request
Previous by thread: Re: [Full-Disclosure] SSH Exploit Request
Next by thread: RE: [Full-Disclosure] SSH Exploit Request
Index(es):
- Date
- Thread