-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rilindo Foster wrote:
>I saw that problem even with 2.9 version. When you say "saw that problem", do you mean that you were able to run the 'crc32 compensation attack detection vulnerability' against OpenSSH v2.9? If so, you should send details of your findings to the OpenSSH team, who will want to know that. If that's not what you meant, then please explain? - -d >On Monday 28 January 2002 08:15 pm, you wrote: >> Rilindo Foster wrote: >> >Yes. Upgrade immediately. >> >> Could you please provide support for that? According to these details >> from the developers: >> >> http://www.openssh.com/security.html >> >> this was a dead issue as of 2.3.0. Please correct me if I ve missed >> something. >> >> OP, in any case, regardless of version, if you don't allow ssh >> protocol 1 connections (which you shouldn't, unless you're providing a >> public service and have no choice), you are not vulnerable. >> >> -d >> >> >-------begin signature--------- >> >Rilindo Foster >> >http://monzell.com >> >AIM: rilindo >> >---------end signature--------- >> > >> >-----Original Message----- >> >> From: [EMAIL PROTECTED] >> >> >[mailto:[EMAIL PROTECTED]]On Behalf Of JW >> >Sent: Tuesday, January 15, 2002 4:38 PM >> >To: [EMAIL PROTECTED] >> >Subject: OpenSSH security >> > >> > >> >Does anyone know if openssh-2.5.2p2-1 is vulnerable the "crc32 >> > compensation attack" that's going around? >> > >> >Thanks. >> > >> >---------------------------------------------------- >> >Jonathan Wilson >> >System Administrator >> > >> >Cedar Creek Software http://www.cedarcreeksoftware.com >> >Central Texas IT http://www.centraltexasit.com >> > >> > >> > >> >_______________________________________________ >> >Redhat-list mailing list >> >[EMAIL PROTECTED] >> >https://listman.redhat.com/mailman/listinfo/redhat-list >> > >> > >> > >> >_______________________________________________ >> >Redhat-list mailing list >> >[EMAIL PROTECTED] >> >https://listman.redhat.com/mailman/listinfo/redhat-list > > - -- David Talkington PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp - -- http://setiathome.ssl.berkeley.edu/pale_blue_dot.html -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.75-6 iQA/AwUBPFbUy79BpdPKTBGtEQL6pQCffeY+Q00LF6vCEffP+gO7ZQSomqwAoMMP hgUwgHG0np3JUju+x+LHB6uf =F5nx -----END PGP SIGNATURE----- _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
