Description
This article is from the SSH - Secure Shell FAQ, by Thomas Koenig (Thomas.Koenig@ciw.uni-karlsruhe.de), with numerous contributions by others.
6.1. What known security bugs exist in which versions of ssh?
All versions of ssh prior to 1.2.12.92 had a security flaw which
allowed local users to get access to the secret host key. This is
fixed in 1.2.13 and later.
If you run ssh 1.2.13 on Alpha OSF 1.3 or SCO in C2 security mode,
local users can gain root access. This is fixed by applying
ftp://ftp.cs.hut.fi/pub/ssh/ or by upgrading
to 1.2.14 or later.
Versions of ssh prior to 1.2.17 had problems with authentication agent
handling on some machines. There is a chance (a race condition) that
a malicious user could steal another user's credentials. This should
be fixed in 1.2.17.
The way the arcfour cipher is used in version 1 of the ssh protocol
makes it susceptible to attack. Its use has therefore been disabled
in 1.2.18 and later.
 
Tags
security, SSH, Secure Shell