On Mon, 02 Feb 2004 19:14:18 -0500 Greg Folkert <greg@???> wrote:
> > Marc Haber wrote:
> > > Seriously, are there any current problems with openssh?
> And to answer Marc Haber, OpenSSH does not have any problems that I am
> currently aware of.
indeed. the last significant one i recall was the screwball integer overflow
bug that was discovered in a routine code audit by the OpenSSH team
themselves. it got a lot of (negative) publicity because of the oblique
way they handled the disclosure, but i have gone through the logic
behind their approach and concluded that they patched & disclosed
in the only manner that would avoid creating vulnerability problems for
secureid users. they really did think about what they were doing before
they did it.
richard
--
Richard Welty rwelty@???
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
