OpenSSH Security Advisory (adv.token)
Damien Miller
djm at mindrot.org
Thu Apr 25 12:22:00 EST 2002
On Wed, 24 Apr 2002, foo foo wrote:
>
> True, but..
>
> 1) I am not using Kerberos or such features.
>
> 2) the client is from OpenSSH2.3.1 (my earlier email)
> not 2.2 version.
>
> 3) The issue is that OpenSSH.2.5.2 and higher. is
> sending RSA key and 2.3.1 client complains of
> incorrect key lengh. (see my debug output).
Upgrade to a more recent version - 2.3.1 has a serious exploitable hole,
2.5.2 has problems too.
-d
More information about the openssh-unix-dev
mailing list