JR Mayberry wrote:
Supposedly sendmail 8.9.1 is to blame, not ssh.
http://www.sendmail.com/sendmail.8.9.1a.htmlMIME buffer overflows is *not* a sendmail problem. What made you say
this?
I believe the sendmail 8.9.1 speculation comes from the fact that "thanks
for 8.9.1" is mentioned on the hacked page twice. Of course they claim they
were running qmail.
Despite the rampant speculation about ssh-1.2.26 being responsible, it still
seems preferable over ssh2 (which is LARGELY unfinished, and rivals even
ircd and win98 for the convoluted code of the year award).
On the more humorous side of things, It looks like someone at rootshell got
fired. http://adimage.blm.net/rootshell/cnjob.gif =)
