In message <073f01c09136$ddc04240$2e58a8c0@ffornicario>, =?iso-8859-1?Q?Iv=E1n_ Arce?= writes: > OpenSSH > The vulnerability is present in OpenSSH up to version 2.3.0, > although it is not possible to exploit it due to limits imposed > on the number of simultaneous connections the server is allowed > to handle, This is a confusing way to put it. This attack is not feasible on OpenSSH. The connection limits takes care of it. If you are running OpenSSH 2.3.0, you are completely fine. Niels.
- [CORE SDI ADVISORY] SSH1 session key recovery vulnerability Iván Arce
- Re: [CORE SDI ADVISORY] SSH1 session key recovery vulner... Dan Harkless
- Re: [CORE SDI ADVISORY] SSH1 session key recovery vulner... Iván Arce
- Re: [CORE SDI ADVISORY] SSH1 session key recovery vulner... Iván Arce
- Re: [CORE SDI ADVISORY] SSH1 session key recovery vulner... David Wagner
- Niels Provos
