Domain: ssh.fi
Stories and comments across the archive that link to ssh.fi.
Stories · 4
-
SSH Secure Shell 3.0.0 Remote Hole
SSH Communications Security Corp (ssh.com/ssh.fi) announced on bugtraq last night that their commercial product SSH Secure Shell 3.0.0 is a gaping remote hole on various unixes. Technically it's not a root hole, but remote access to users like "adm," "bin," "daemon," and "sys" is not good. Strangely, I don't see an announcement on their homepage. If you're running the $99 workstation version or the $475 server version, go upgrade to 3.0.1 now because it's an amazingly trivial exploit (especially on Solaris, but also on other unixes, excluding NetBSD and OpenBSD which are not affected at all). If you're using OpenSSH, or some other program you didn't pay for, no worries. -
Rootshell and SSH
path writes "There is some more information on the attack to Rootshell givin out by the SSH people." Apparently they theory now is that the intruders got in through 'legitimate authentication'. -
SSH 2.0
Karthik Arumugham writes "SSH Communications Security, Ltd. has released a completely new version of SSH. It's been almost completely rewritten (but is still backwards compatible). It also includes a new sftp (Secure FTP) server. You can download it here. " -
SSH 2.0
Karthik Arumugham writes "SSH Communications Security, Ltd. has released a completely new version of SSH. It's been almost completely rewritten (but is still backwards compatible). It also includes a new sftp (Secure FTP) server. You can download it here. "