OpenSSL vulnerability...

Dan Kaminsky dan at
Sun Oct 5 07:55:49 EST 2003

>2nd: sshd reads _private_ keys only when reading the hostkey.

So basically, an attacker can exploit the bug if they can modify a 
root-owned file.

Of course, if they can modify a root owned file, you've already been owned.


More information about the openssh-unix-dev mailing list