16 Sep
2003
16 Sep
'03
9:20 p.m.
"Brian J. Conway" <bconway@alum.WPI.EDU> writes:
Also, I would be wary and watch for updates in the immediate future. While the buffer.c fix is _an_ update, many are saying it's not remotely exploitable, which begs the question what is exploiting all the reportedly rooted machines that people are claiming to have the latest version of OpenSSH (with PrivSep) running on. Of course, it's the Internet, so any number of people can and are talking out of their a**es, so I'd wait for the dust to settle and keep an eye on this one (but update now, of course).
Exactly my thoughts. This is why my ssh port is still IP restricted for the moment :) -- Josh Huber