SSH1 CRC-32 bug?
Hello, just to be sure about this. Sorry to beat a dead horse, but
has the infamous CRC-32 compensation bug been fixed in the ssh package in
sid? I am being bugged about "Debian being vulnerable" to this attack, and
I would like to know for sure. Of course, tools like nessus just check
daemon version numbers, and report non-existent vulnerabilities, and right
now I haven't got access to a ready tool to try and break the one
installed on my system.
If I _am_ vulnerable, I would like to know that ASAP, to shut down the
service immediately. On the other hand, if I am not, I would like to be
able to tell the overzelous sysadmin of my ISP that I am not vulnerable
and please stop bugging me...
Thanks in advance
Giacomo Mulas
--
_________________________________________________________________
Giacomo Mulas <gmulas@ca.astro.it, giacomo.mulas@tin.it>
_________________________________________________________________
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel.: +39 070 71180 216 Fax : +39 070 71180 222
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________
Reply to: