Comment 1 for bug 1929758

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Hello Ian, thanks for the bug.

Have you had any success with any of the exploits?

Most of these sorts of tools that do "banner detection" assume everyone builds all their programs from source code themselves, and thus aren't very useful in the real world. The first CVE listed is from 2001, which predates Ubuntu by some margin.

Here's our current status on OpenSSH issues: https://ubuntu.com/security/cve?q=&package=openssh&priority=&version=&status=

There's several we've chosen to ignore; there's one we've rated as low priority, and will address if there's a medium priority or higher issue in the future: https://ubuntu.com/security/CVE-2020-14145

Thanks