[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Possible (probable) hole in SSH?

Subject: Re: [cobalt-security] Possible (probable) hole in SSH?
From: cpaul <inc@xxxxxxxxxxxxx>
Date: Wed, 14 Nov 2001 09:36:55 +1100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> Initially it appears that OpenSSH prior to version 2.3 was vulnerable to
> an attack in the CRC32 code in the daemon. 

if you use SSH Protocol Version 1, no?

SSH1 has been pretty severely and publicly deprecated from what i understand.

ie:

$ head -n 5 /etc/sshd_config
# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port 22
Protocol 2

Prev by Date: Re: [cobalt-security] Adaptive firewall for Qube 3
Next by Date: Re: [cobalt-security] NAMED UPDATE !!!
Previous by thread: Re: [cobalt-security] Possible (probable) hole in SSH?
Next by thread: [cobalt-security] ssh problem

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index