Re: SSH exploit and commerical SSH

To: Scott James Remnant <scott@netsplit.com>
Cc: debian-ssh@lists.debian.org
Subject: Re: SSH exploit and commerical SSH
From: ucko@debian.org (Aaron M. Ucko)
Date: 26 Jun 2002 09:06:38 -0400
Message-id: <udlsn3amboh.fsf@multics.mit.edu>
In-reply-to: <1025095401.30959.25.camel@virus.eng.demon.net>
References: <1025095401.30959.25.camel@virus.eng.demon.net>

Scott James Remnant <scott@netsplit.com> writes:

> Does anybody know (apart from Theo, who I've also e-mailed the question
> to) whether the exploit might affect the commercial SSH 1.x
> distribution?

Probably only Theo; good luck getting concrete information out of
him. ;-) Note that if the commercial version is vulnerable, Debian
will almost certainly just advise users to switch to OpenSSH, as we're
killing the ssh-nonfree packages off anyway.  (Of course, if it's
*not* vulnerable, you may be better off waiting until there's a real
fix for the OpenSSH bug.)

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
Finger amu@monk.mit.edu (NOT a valid e-mail address) for more info.

-- 
To UNSUBSCRIBE, email to debian-ssh-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- SSH exploit and commerical SSH
  - From: Scott James Remnant <scott@netsplit.com>

Prev by Date: Re: SSH Vulnerbility(?)
Previous by thread: SSH exploit and commerical SSH
Index(es):
- Date
- Thread