author | Ryan T. Hosford <tad.hosford@gmail.com> | 2016-03-11 13:54:00 -0600 |
---|---|---|
committer | Ryan T. Hosford <tad.hosford@gmail.com> | 2016-03-11 14:04:03 -0600 |
commit | 2e68d3e551ec72b662c23f954f14836978a88c8b (patch) | |
tree | f49027151eab4088f2cad384c8278627ba4c1fb7 | |
parent | 895bdb5fefdadd48fa7778ac9e8e0f5b4355328b (diff) | |
download | sshtron-2e68d3e551ec72b662c23f954f14836978a88c8b.tar.gz |
Help players protect themselves from maliciousness
- Since connecting to an unknown server represents some risk,
tell players about the known risks and show them how they can eliminate
some of that risk by patching their ssh clients.
- Closes #13
-rw-r--r-- | README.md | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -44,6 +44,17 @@ $ go get && go build $ ./sshtron ``` +## CVE-2016-0777 + +[CVE-2016-0777](https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt) +revealed two SSH client vulnerabilities that can be exploited by a malicious SSH server. While SSHTron does not exploit +these vulnerabilities, you should still patch your client before you play. SSHTron is open source, but the server +could always be running a modified version of SSHTron that does exploit the vulnerabilities described +in [CVE-2016-0777](https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt). + +If you haven't yet patched your SSH client, you can follow +[these instructions](https://www.jacobtomlinson.co.uk/quick%20tip/2016/01/15/fixing-ssh-vulnerability-CVE-2016-0777/) to do so now. + ## License SSHTron is licensed under the MIT License. See the full license text in |
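Review bot: the new "## CVE-2016-0777" heading and the sentence "revealed two SSH client vulnerabilities" attribute two vulnerabilities to a single CVE id, while the URL of the linked Qualys advisory names both CVE-2016-0777 and CVE-2016-0778. Suggest naming both ids in the heading and in the link text so readers can check their client against each one. The same long advisory URL is also written out twice in one paragraph; a reference-style link would keep the added lines readable. Finally, the fix is only reachable through a third-party blog link, so consider stating the mitigation in the README itself so the advice survives if that link goes away.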