

Posted by: Anonymous Coward on August 11, 2004 09:30 PM
Why do a google search for on CERT's web pages when you can directly search their Vulnerability Notes database directly?

That gives a vastly different picture than the seemingly unending results from google. I have a suspicion that googling also counts pages that include "OpenSSH: Not Vulnerable" in the body.

Using CERT's database, I count a grand total of 13 entries that deal directly with an OpenSSH vulnerability. Here they are, sorted by

VU#40327 06/09/2000 OpenSSH UseLogin option allows remote execution of commands as root
VU#363181 12/07/2000 OpenSSH disregards client configuration and allows server access to ssh-agent and/or X11 after session negotiation
VU#797027 06/19/2001 OpenSSH does not initialize PAM session thereby allowing PAM restrictions to be bypassed
VU#905795 09/27/2001 OpenSSH fails to properly apply source IP based access control restrictions
VU#655259 06/12/2001 OpenSSH allows arbitrary file deletion via symlink redirection of temporary file
VU#945216 02/08/2001 SSH CRC32 attack detection code contains remote integer overflow
VU#157447 12/04/2001 OpenSSH UseLogin directive permits privilege
VU#408419 03/07/2002 OpenSSH contains a one-off overflow of an array in the channel handling code
VU#369347 06/24/2002 OpenSSH vulnerabilities in challenge response
VU#978316 06/04/2003 Vulnerability in OpenSSH daemon (sshd)
VU#333628 09/16/2003 OpenSSH contains buffer management errors
VU#209807 09/23/2003 Portable OpenSSH server PAM conversion stack
VU#602204 09/23/2003 OpenSSH PAM challenge authentication failure

Odd, it's almost been an entire year since OpenSSH had a CERT vulnerability warning. And that seems to contradict your assertion that OpenSSH is a leaky raft.

I certainly would like to read Theo's reaction to this article...

