[Bug 1019] Exact version should not be disclosed to hinder attacks

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Apr 20 18:05:17 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1019

           Summary: Exact version should not be disclosed to hinder attacks
           Product: Portable OpenSSH
           Version: 4.0p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: jeanmarc.gillet at axa-tech.com


At first connection to port 22, the server sends its ID string with the version
number. I think that this should be configurable (e.g. a fake version number) in
order to hinder attacks based on known vulnerabilities. Someone could gain a bit
of time in order to replace their old insecure version of the ssh server with a
new one.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
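
The ID string the report refers to has the form `SSH-protoversion-softwareversion SP comments CR LF` (RFC 4253, section 4.2). As an added example, not part of the bug report or of OpenSSH, the following Python code parses identification lines an administrator has collected from their own servers and flags hosts below a chosen minimum OpenSSH version; the host names, sample banners and minimum version are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
# softwareversion: printable US-ASCII except whitespace and the minus sign.
ID_RE = re.compile(
    r"^SSH-(?P<proto>[0-9.]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    r"(?: (?P<comments>[\x20-\x7e]*))?$"
)
# OpenSSH software versions look like OpenSSH_4.0 or OpenSSH_3.9p1.
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p\d+)?")


def parse_ident(line: bytes) -> dict:
    """Parse one identification line; raise ValueError if malformed."""
    if len(line) > 255:
        raise ValueError("identification string longer than 255 bytes")
    # A non-ASCII line raises UnicodeDecodeError, a ValueError subclass.
    text = line.rstrip(b"\r\n").decode("ascii")
    m = ID_RE.match(text)
    if m is None:
        raise ValueError("not an SSH identification string")
    info = m.groupdict()
    v = OPENSSH_RE.match(info["software"])
    # Comparable (major, minor, patch) tuple; None when not OpenSSH.
    info["openssh"] = tuple(int(g or 0) for g in v.groups()) if v else None
    return info


def audit(banners: dict, minimum: tuple) -> dict:
    """Classify each host as 'ok', 'outdated', 'unknown' or 'malformed'."""
    result = {}
    for host, line in banners.items():
        try:
            ver = parse_ident(line)["openssh"]
        except ValueError:
            result[host] = "malformed"
            continue
        if ver is None:
            result[host] = "unknown"  # valid SSH banner, other implementation
        else:
            result[host] = "ok" if ver >= minimum else "outdated"
    return result


# Constructed sample banners (hypothetical hosts, not from the bug report).
SAMPLE = {
    "host-a": b"SSH-2.0-OpenSSH_4.0\r\n",
    "host-b": b"SSH-1.99-OpenSSH_3.9p1 vendor-build\r\n",
    "host-c": b"SSH-2.0-ExampleSSHD_1.2\r\n",
    "host-d": b"HTTP/1.1 400 Bad Request\r\n",
}
```

Calling `audit(SAMPLE, (4, 0, 0))` returns one status per host.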



