[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH



On Mon, Dec 16, 2002 at 05:52:15PM -0500, Phillip Hofmeister wrote:
> Hi all,
> 
> I am sure you have seen the SSH CERT.  Are we vulnerable?  If so is
> there a time line for an update?


Sorry for the last email.  Spoke before I read. :-)  According to 
the advisory[1]:  
     
     "it seems that the current version of OpenSSH (3.5) is not
     vulnerable to these problems, and some limited testing shows that
     no version of OpenSSH is vulnerable."

Therefore, I assume that we're not vulnerable.  If you are paranoid
they do list the location of the test suite[2] that you can try
against your machine.

[1] http://www.cert.org/advisories/CA-2002-36.html
[2] http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666

--
Edward Guldemond

Attachment: pgpSEDulq3uEb.pgp
Description: PGP signature


Reply to: