http://bugzilla.mindrot.org/show_bug.cgi?id=1019
Summary: Exact version should not be disclosed to hinder attacks
Product: Portable OpenSSH
Version: 4.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: jeanmarc.gillet@axa-tech.com
At first connection to port 22, the server sends his ID string with the version
number. I think that this should be configurable (a fake version number e.g.) in
order to hinder attacks based on known vulnerabilities. Someone could gain a bit
of time in order to replace its old unsecure version of the ssh server with a
new one.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Summary: Exact version should not be disclosed to hinder attacks
Product: Portable OpenSSH
Version: 4.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: jeanmarc.gillet@axa-tech.com
At first connection to port 22, the server sends his ID string with the version
number. I think that this should be configurable (a fake version number e.g.) in
order to hinder attacks based on known vulnerabilities. Someone could gain a bit
of time in order to replace its old unsecure version of the ssh server with a
new one.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.