[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On Mon, Dec 16, 2002 at 05:52:15PM -0500, Phillip Hofmeister wrote:
> Hi all,
> I am sure you have seen the SSH CERT.  Are we vulnerable?  If so is
> there a time line for an update?

I believe you are vulnerable if you have SSH1 support enabled.  I am
not sure if sshd's config is shipped this way by default, but, IMHO,
if you are setting up a new SSH server, disable SSH1 support anyway.
With some of the problems it has been having (for example, this
exploit is in the code that is CHECKING for an exploit similar to
this) it may very well be worth it.

Don't know about the update time line.  You'll have to ask the security
team about that one.

Edward Guldemond

Attachment: pgpHOAQ5wQ5HR.pgp
Description: PGP signature

Reply to: