diff options
author | Zach Latta <zach@zachlatta.com> | 2016-03-11 15:59:05 -0500 |
---|---|---|
committer | Zach Latta <zach@zachlatta.com> | 2016-03-11 15:59:05 -0500 |
commit | 69a029b4c749017d5bfb2ad8452f78b3f7edc019 (patch) | |
tree | f49027151eab4088f2cad384c8278627ba4c1fb7 | |
parent | 895bdb5fefdadd48fa7778ac9e8e0f5b4355328b (diff) | |
parent | 2e68d3e551ec72b662c23f954f14836978a88c8b (diff) | |
download | sshtron-69a029b4c749017d5bfb2ad8452f78b3f7edc019.tar.gz |
Merge pull request #14 from rthbound/shows-goodwill-re-cve-2016-0777
Help players protect themselves from maliciousness
-rw-r--r-- | README.md | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -44,6 +44,17 @@ $ go get && go build $ ./sshtron ``` +## CVE-2016-0777 + +[CVE-2016-0777](https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt) +revealed two SSH client vulnerabilities that can be exploited by a malicious SSH server. While SSHTron does not exploit +these vulnerabilities, you should still patch your client before you play. SSHTron is open source, but the server +could always be running a modified version of SSHTron that does exploit the vulnerabilities described +in [CVE-2016-0777](https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt). + +If you haven't yet patched your SSH client, you can follow +[these instructions](https://www.jacobtomlinson.co.uk/quick%20tip/2016/01/15/fixing-ssh-vulnerability-CVE-2016-0777/) to do so now. + ## License SSHTron is licensed under the MIT License. See the full license text in |