not being released
Dag-Erling Smørgrav
des at des.no
Wed Sep 10 18:17:02 EST 2008
"Kevin Deveau" <kdeveau at cfassociate.com> writes:
> In theory this trapped connection can and has proven to be used for
> expolits as if the correct packet is sent to the box, using gathered
> information of course. the attacker becomes assumed by the local host
> thru a remote host and appears to be authenticated allowing executions
> based on the level of permission the frozen login has
That's a *very* tall claim with no evidence to support it.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the openssh-unix-dev
mailing list