[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On Mon, Dec 16, 2002 at 05:52:15PM -0500, Phillip Hofmeister wrote:
> Hi all,
> I am sure you have seen the SSH CERT.  Are we vulnerable?  If so is
> there a time line for an update?

Sorry for the last email.  Spoke before I read. :-)  According to 
the advisory[1]:  
     "it seems that the current version of OpenSSH (3.5) is not
     vulnerable to these problems, and some limited testing shows that
     no version of OpenSSH is vulnerable."

Therefore, I assume that we're not vulnerable.  If you are paranoid
they do list the location of the test suite[2] that you can try
against your machine.

[1] http://www.cert.org/advisories/CA-2002-36.html
[2] http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666

Edward Guldemond

Attachment: pgpd3pAjzkvpn.pgp
Description: PGP signature

Reply to: