[talk] SSH vulnerability

George Rosamond george at ceetonetechnology.com
Thu Jan 14 11:28:52 EST 2016

Isaac (.ike) Levy:
>> On Jan 14, 2016, at 10:30 AM, George Rosamond
>> <george at ceetonetechnology.com> wrote:
>> yes... ssh_config, not sshd_config.
> What an interesting vuln.  Seems to blur the line between client and
> server to exploit this one.
> Big question now that it's been addressed: will this be the third
> "remote hole in the default install"?

It's on the client end, and the exploit is a MITM AFAIK, so probably not
considered a remote hole.


More information about the talk mailing list