Bug 1019 - Exact version should not be disclosed to hinder attacks
Status: CLOSED DUPLICATE of bug 764
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 4.0p1
Hardware: All All
Importance: P2 minor
Assignee: OpenSSH Bugzilla mailing list
Reported: 2005-04-20 18:05 AEST by Jean-Marc Gillet
Modified: 2006-10-07 11:39 AEST
Description Jean-Marc Gillet 2005-04-20 18:05:16 AEST
At first connection to port 22, the server sends its ID string with the version
number. I think that this should be configurable (e.g. a fake version number) in
order to hinder attacks based on known vulnerabilities. Someone could gain a bit
of time in order to replace their old insecure version of the ssh server with a
new one.
Comment 1 Darren Tucker 2005-04-20 18:56:11 AEST
This has been done to death several times before, please see bug #764.

*** This bug has been marked as a duplicate of 764 ***
Comment 2 Darren Tucker 2006-10-07 11:39:44 AEST
Change all RESOLVED bugs to CLOSED with the exception of the ones fixed post-4.4.
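
The ID string mentioned in the description has a fixed format, defined in RFC 4253 section 4.2 as `SSH-protoversion-softwareversion SP comments CR LF`. The following Python code is an added example, not part of the bug report or of OpenSSH: it parses that string and lists which servers in one's own inventory announce an OpenSSH version older than a chosen minimum. The host names, banners and the minimum version are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
IDENT_RE = re.compile(rb"^SSH-([^-\s]+)-([^-\s]+)(?: (.*))?$")
# OpenSSH software version, e.g. OpenSSH_4.0p1 (portable) or OpenSSH_4.4
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")
MAX_IDENT_LEN = 255  # RFC 4253 limit, CR LF included


def parse_ident(raw: bytes) -> dict:
    """Parse the first bytes a server sends and return what they disclose."""
    for line in raw.split(b"\n"):
        # Lines sent before the identification string never start with "SSH-".
        if not line.startswith(b"SSH-"):
            continue
        if len(line) + 1 > MAX_IDENT_LEN:
            raise ValueError("identification string longer than 255 bytes")
        m = IDENT_RE.match(line.rstrip(b"\r"))
        if m is None:
            raise ValueError("malformed identification string")
        proto, software, comments = (g.decode("ascii") if g else None for g in m.groups())
        info = {"protoversion": proto, "softwareversion": software,
                "comments": comments, "openssh_version": None, "portable_patch": None}
        v = OPENSSH_RE.match(software)
        if v:
            info["openssh_version"] = (int(v.group(1)), int(v.group(2)), int(v.group(3) or 0))
            info["portable_patch"] = int(v.group(4)) if v.group(4) else None
        return info
    raise ValueError("no identification string found")


def hosts_below(banners: dict, minimum: tuple) -> list:
    """Return (host, softwareversion) for OpenSSH servers older than minimum."""
    stale = []
    for host, raw in sorted(banners.items()):
        info = parse_ident(raw)
        ver = info["openssh_version"]
        if ver is not None and ver < minimum:
            stale.append((host, info["softwareversion"]))
    return stale


# Constructed banners for hypothetical hosts in one's own inventory.
SAMPLE_BANNERS = {
    "host-a.example": b"SSH-2.0-OpenSSH_4.0p1\r\n",
    "host-b.example": b"Maintenance tonight\r\nSSH-1.99-OpenSSH_3.9p1 legacy\r\n",
    "host-c.example": b"SSH-2.0-OpenSSH_4.4\r\n",
}

if __name__ == "__main__":
    for host, software in hosts_below(SAMPLE_BANNERS, (4, 4, 0)):
        print(f"{host}: {software} is older than the chosen minimum")
```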