[talk] SSH vulnerability
George Rosamond
george at ceetonetechnology.com
Thu Jan 14 11:28:52 EST 2016
Isaac (.ike) Levy:
>
>> On Jan 14, 2016, at 10:30 AM, George Rosamond
>> <george at ceetonetechnology.com> wrote:
>>
>> yes... ssh_config, not sshd_config.
>
> What an interesting vuln. Seems to blur the line between client and
> server to exploit this one.
>
> Big question now that it's been addressed: will this be the third
> "remote hole in the default install"?
It's on the client end, and the exploit is a MITM AFAIK, so probably not
considered a remote hole.
g
More information about the talk
mailing list