From owner-freebsd-questions Tue Dec 17 10:47:10 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B91AA37B401 for ; Tue, 17 Dec 2002 10:47:08 -0800 (PST) Received: from galilee.polands.org (new-24-208-57-240.new.rr.com [24.208.57.240]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4FFEF43EC2 for ; Tue, 17 Dec 2002 10:47:07 -0800 (PST) (envelope-from doug@polands.org) Received: from mydomain.com (samaria.polands.org [172.16.1.17]) by galilee.polands.org (8.12.6/8.12.5) with SMTP id gBHIlibu036438; Tue, 17 Dec 2002 12:47:44 -0600 (CST) (envelope-from doug@polands.org) Received: from 63.104.35.130 (proxying for 164.5.45.79) (SquirrelMail authenticated user djp) by email.polands.org with HTTP; Tue, 17 Dec 2002 12:47:06 -0600 (CST) Message-ID: <58477.63.104.35.130.1040150826.squirrel@email.polands.org> Date: Tue, 17 Dec 2002 12:47:06 -0600 (CST) Subject: Re: Thought of the list: CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations From: "Doug Poland" To: In-Reply-To: <1040145009.58381.19.camel@localhost> References: <1040145009.58381.19.camel@localhost> X-Priority: 3 Importance: Normal Cc: X-Mailer: SquirrelMail (version 1.2.8) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG FWIW, on the advisory itself, an OpenSSH author states, "From my testing it seems that the current version of OpenSSH (3.5) is not vulnerable to these problems, and some limited testing shows that no version of OpenSSH is vulnerable." -- Regards, Doug Stacey Roberts said: > This just landed in my Inbox. > > Figured the list might like to be aware of this: > > Multiple vendors' SSH transport layer protocol implementations > contain vulnerabilities in key exchange and initialization > > http://www.kb.cert.org/vuls/id/389665 > > > Regards, > Stacey > -- > Stacey Roberts > B.Sc (HONS) Computer Science > > Web: www.vickiandstacey.com > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message