SSH1 CRC-32 bug?

To: debian-security@lists.debian.org
Subject: SSH1 CRC-32 bug?
From: Giacomo Mulas <gmulas@ca.astro.it>
Date: Fri, 30 Nov 2001 16:05:11 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.42.0111301556190.5020-100000@capitanata.ca.astro.it>
Reply-to: Giacomo Mulas <gmulas@ca.astro.it>

	Hello, just to be sure about this. Sorry to beat a dead horse, but
has the infamous CRC-32 compensation bug been fixed in the ssh package in
sid? I am being bugged about "Debian being vulnerable" to this attack, and
I would like to know for sure. Of course, tools like nessus just check
daemon version numbers, and report non-existent vulnerabilities, and right
now I haven't got access to a ready tool to try and break the one
installed on my system.

If I _am_ vulnerable, I would like to know that ASAP, to shut down the
service immediately. On the other hand, if I am not, I would like to be
able to tell the overzelous sysadmin of my ISP that I am not vulnerable
and please stop bugging me...

Thanks in advance
Giacomo Mulas

-- 
_________________________________________________________________

Giacomo Mulas <gmulas@ca.astro.it, giacomo.mulas@tin.it>
_________________________________________________________________

OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel.: +39 070 71180 216     Fax : +39 070 71180 222
_________________________________________________________________

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)
_________________________________________________________________

Reply to:

Prev by Date: Re: VI wrapper for SUDO?
Next by Date: What this means in my logs?
Previous by thread: RE: whats up?
Next by thread: What this means in my logs?
Index(es):
- Date
- Thread