[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Probable SSH Vulnerability

Tim Peeler <thp@linux00.LinuxForce.net> writes:

> As we have yet to see any indication that this is related to the crc32
> compensation detector yet, I'm finding it more and more difficult
> to believe that this was truely the problem.

Yes, indeed.  This particular problem has been fixed, but there are
others, which are more like protocol weaknesses and more difficult to
address (the CRC32 attack detector was added to compensate for such a

Anyway, I just wanted to make sure that you investigate other
weaknesses than the SSH1 implementation.  It's my gut feeling based on
the facts you have mentioned that another explanation is far more

Reply to: