[CLUE-Tech] SSH EXPLOIT
Evan Widger
PsychoI3oy at linkline.com
Wed Sep 17 04:38:43 MDT 2003
Warren wrote:
> I'm a little unclear about this exploit. If you have root login
> disabled, are you still vulnerable?
>
> No, I'm not quibbling about whether or not one should install a
> security patch.
>
from what i read on /. (meaning take it with a shaker and a half of
salt) if you have root login disabled it's not a problem. (someone said
something about openssh on openbsd having it enabled by default but also
being in the docs to be the first thing turned off, presumably for
remote install purposes)
so you're probably fine to download and apply the patch when you feel
like it, probably after the ftp severs become unburdened.
(anyone that has information contrary to this please say so, IANASSHE, i
am not an ssh expert)
- Evan
More information about the clue-tech
mailing list