Re: SSH

To: Debian Security <debian-security@lists.debian.org>
Subject: Re: SSH
From: Edward Guldemond <thedebategod@yifan.net>
Date: Mon, 16 Dec 2002 18:24:17 -0500
Message-id: <20021216232417.GA9640@jazzman>
Mail-followup-to: Debian Security <debian-security@lists.debian.org>
In-reply-to: <20021216225215.GA5610@zionlth.org>
References: <20021216225215.GA5610@zionlth.org>

On Mon, Dec 16, 2002 at 05:52:15PM -0500, Phillip Hofmeister wrote:
> Hi all,
> 
> I am sure you have seen the SSH CERT.  Are we vulnerable?  If so is
> there a time line for an update?

Sorry for the last email.  Spoke before I read. :-)  According to 
the advisory[1]:  

     "it seems that the current version of OpenSSH (3.5) is not
     vulnerable to these problems, and some limited testing shows that
     no version of OpenSSH is vulnerable."

Therefore, I assume that we're not vulnerable.  If you are paranoid
they do list the location of the test suite[2] that you can try
against your machine.

[1] http://www.cert.org/advisories/CA-2002-36.html
[2] http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666

--
Edward Guldemond

Attachment: pgpd3pAjzkvpn.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: SSH
  - From: Patrick Hsieh <pahud@ezplay.tv>
- Re: SSH
  - From: Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch>

References:
- SSH
  - From: Phillip Hofmeister <plhofmei@zionlth.org>

Prev by Date: Re: SSH
Next by Date: Re: smtp-auth
Previous by thread: Re: SSH
Next by thread: Re: SSH
Index(es):
- Date
- Thread