Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Date: Tue, 13 Feb 2001 09:54:33 +0100
From: Corinna Vinschen <cygwin AT cygwin DOT com>
To: cygwin <cygwin AT cygwin DOT com>
Subject: Re: Authentication By-Pass Vulnerability in OpenSSH 2.3.1 (devel snapshot) (fwd)
Message-ID: <20010213095433.O2107@cygbert.vinschen.de>
Mail-Followup-To: cygwin <cygwin AT cygwin DOT com>
References: <20010209084018 DOT C4880 AT cygbert DOT vinschen DOT de> <0G8N00K1EYX7YD AT pmismtp04 DOT wcomnet DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <0G8N00K1EYX7YD@pmismtp04.wcomnet.com>; from mark.paulus@wcom.com on Mon, Feb 12, 2001 at 02:42:10PM -0700

On Mon, Feb 12, 2001 at 02:42:10PM -0700, Mark Paulus wrote:
> Do I need to do this, if I only use the ssh client??  I had a problem with 2.3.0p1,
> where it wouldn't connect to my machine @ home through my Netgear
> router/firewall.  However, the latest snapshot I downloaded allows me to
> connect.  I don't want to back off and lose my ability to connect unless
> you are going to kill me if I don't.    

I would never kill you for any reason.

Security is everyone's own purpose. The OpenSSH team has decided
to remove all dangerous snapshots from their site. So did I.

As long as you don't use sshd it should be ok.

Corinna

> On Fri, 09 Feb 2001 08:40:18 +0100, Corinna Vinschen wrote:
> 
> >FYI for those running snapshots.  I have removed the openssh-20010202
> >snapshot from cygwin/latest.
> >
> >If you are using the openssh-20010202 snapshot PLEASE REVERT BACK TO
> >openssh-20001221 OR openssh-2.3.0p1.!!!
> >
> >Corinna
> >
> >---------- Forwarded message ----------
> >Date: Thu, 08 Feb 2001 18:15:00 -0500
> >From: Niels Provos <provos AT citi DOT umich DOT edu>
> >To: security-announce AT openbsd DOT org
> >Subject: Authentication By-Pass Vulnerability in OpenSSH 2.3.1 (devel
> >    snapshot)
> >
> >----------------------------------------------------------------------------
> >
> >                        OpenBSD Security Advisory
> >
> >                            February 8, 2001
> >
> >             Authentication By-Pass Vulnerability in OpenSSH-2.3.1
> >
> >----------------------------------------------------------------------------
> >[...]

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple