Quote:
Originally posted by Hooper
ssh is perfectly secure. the exploit has been patched, but the exploit is largely misunderstood as well.
yes, it's a buffer overflow attack.. but it is one that requires the attacker to *already* be logged into an ssh client..
so they would have to already have a working user/pass in order to use the exploit.
it is largely a problem on shared systems because the attacker can get root priveleges which he/she should not have.
|
Thank you for the info, Hooper... we have multiple users on the box, so let's say the hacker has a user/pass of one of the users, could the hacker get su access?