RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

["Vega, Cesar" <cesar.vega () eds com>]

Same thing in AIX 4.2.1.0 and HP-UX 10.20/11.00, previously configured as
Trusted System.

Cordial Greetings,

CVC

#  -----Original Message-----
#  From: Stephanie Thomas [mailto:customer.service () ssh com]
#  Sent: Wednesday, July 25, 2001 11:18 AM
#  To: Emre Yildirim; bugtraq () securityfocus com
#  Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
#  
#  
#  Hi Emre,
#  
#  We have tested OpenBSD and NetBSD, and have found
#  that they do not experience this vulnerability, 
#  even with ssh 3.0.0 installed.
#  
#  This is most likely due to the method used to encrypt the 
#  password in /etc/passwd or /etc/shadow.
#  
#  Best Regards,
#  
#  Steph
#  
#  -----Original Message-----
#  From: Emre Yildirim [mailto:emre () vsrc uab edu]
#  Sent: Monday, July 23, 2001 5:12 PM
#  To: bugtraq () securityfocus com
#  Cc: customer.service () ssh com
#  Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
#  
#  
#  
#  > SSH Secure Shell 3.0.0 does not ship with any
#  > of the operating systems mentioned, nor does the
#  > announcement specify that it does. However, if a
#  > user has explicitly installed SSH Secure Shell 3.0.0
#  > on any of the listed operating systems, they are
#  > vulnerable to this potential exploit.
#  >
#  
#  I don't want to drag this boring thread any longer, but in
#  your advisory, it stated that OpenBSD and NetBSD were
#  not vulnerable.  So...if I install SSH 3.0.0 on one of those
#  (even though the already come with openssh), ssh will not
#  be vulnerable to this bug?  Or will it?  I think that part
#  created a little confusion.
#  
#  
#  Cheers
#  
#  
#