[talk] SSH vulnerability

George Rosamond george at ceetonetechnology.com
Thu Jan 14 11:28:52 EST 2016


Isaac (.ike) Levy:
> 
>> On Jan 14, 2016, at 10:30 AM, George Rosamond
>> <george at ceetonetechnology.com> wrote:
>> 
>> yes... ssh_config, not sshd_config.
> 
> What an interesting vuln.  Seems to blur the line between client and
> server to exploit this one.
> 
> Big question now that it's been addressed: will this be the third
> "remote hole in the default install"?

It's on the client end, and the exploit is a MITM AFAIK, so probably not
considered a remote hole.

g



More information about the talk mailing list