[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Possible (probable) hole in SSH?
- Subject: Re: [cobalt-security] Possible (probable) hole in SSH?
- From: cpaul <inc@xxxxxxxxxxxxx>
- Date: Wed, 14 Nov 2001 09:36:55 +1100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Initially it appears that OpenSSH prior to version 2.3 was vulnerable to
> an attack in the CRC32 code in the daemon.
if you use SSH Protocol Version 1, no?
SSH1 has been pretty severely and publicly deprecated from what i understand.
ie:
$ head -n 5 /etc/sshd_config
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
Port 22
Protocol 2