[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Any server you ssh to can kidnap your ssh-agent and X, whether you want to or not

To: Linux-Chennai Guys <ilugc@xxxxxxxxxxxxxxxxxx>
Subject: Any server you ssh to can kidnap your ssh-agent and X, whether you want to or not
From: Ravi <ravi@xxxxxxxxxxx>
Date: Sun, 12 Nov 2000 05:59:48 -0800
Delivered-to: ilug-c-archive@lists.linux-india.org
Mail-followup-to: Linux-Chennai Guys <ilugc@xxxxxxxxxxxxxxxxxx>
Organisation: Still struggling to be a student.
Reply-to: ilugc@xxxxxxxxxxxxxxxxxx
Sender: ilugc-bounce@xxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.0.1i

All:
	Oh, check out this new bug #76788 at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=76788 which basically says that any hostile server can force an openssh client to do agent or X11 forwarding. This problem is fixed as of OpenSSH 2.3.0

	Ironically -- its here first -- http://www.openbsd.org/errata27.html#sshforwarding

	Seen on #Debian-Devel:
<> this 2.2r1 should never have happened
<BlindMan> oh, why?
<> it is a release with a broken php iirc, unfixed known
   exploits and not everything from security.debian.org included

	-r
-- 
Ravikant K.Rao | finger ravi@xxxxxxxxxxx for more details.
  5:49am  up 3 days, 13:20,  4 users,  load average: 0.09, 0.11, 0.09
There's got to be more to life than compile-and-go.
---
Visit our home page at: www.chennailug.org
Send e-mail to 'ilugc-request@xxxxxxxxxxxxxxxxxx' with 'unsubscribe' 
in either the subject or the body to unsubscribe from this list.

Prev by Subject: [Off Topic: Not really] Mob Software
Next by Subject: Bangalore IT
Previous by thread: regarding sndconfig
Next by thread: Re: 64 MB instead of 256 MB
Index(es):
- Subject
- Thread