On Mon, Dec 16, 2002 at 05:52:15PM -0500, Phillip Hofmeister wrote: > Hi all, > > I am sure you have seen the SSH CERT. Are we vulnerable? If so is > there a time line for an update? I believe you are vulnerable if you have SSH1 support enabled. I am not sure if sshd's config is shipped this way by default, but, IMHO, if you are setting up a new SSH server, disable SSH1 support anyway. With some of the problems it has been having (for example, this exploit is in the code that is CHECKING for an exploit similar to this) it may very well be worth it. Don't know about the update time line. You'll have to ask the security team about that one. -- Edward Guldemond
Attachment:
pgpHOAQ5wQ5HR.pgp
Description: PGP signature