Bugtraq mailing list archives
RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
From: "Vega, Cesar" <cesar.vega () eds com>
Date: Wed, 25 Jul 2001 15:00:38 -0500
Same thing in AIX 4.2.1.0 and HP-UX 10.20/11.00, previously configured as Trusted System. Cordial Greetings, CVC # -----Original Message----- # From: Stephanie Thomas [mailto:customer.service () ssh com] # Sent: Wednesday, July 25, 2001 11:18 AM # To: Emre Yildirim; bugtraq () securityfocus com # Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 # # # Hi Emre, # # We have tested OpenBSD and NetBSD, and have found # that they do not experience this vulnerability, # even with ssh 3.0.0 installed. # # This is most likely due to the method used to encrypt the # password in /etc/passwd or /etc/shadow. # # Best Regards, # # Steph # # -----Original Message----- # From: Emre Yildirim [mailto:emre () vsrc uab edu] # Sent: Monday, July 23, 2001 5:12 PM # To: bugtraq () securityfocus com # Cc: customer.service () ssh com # Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 # # # # > SSH Secure Shell 3.0.0 does not ship with any # > of the operating systems mentioned, nor does the # > announcement specify that it does. However, if a # > user has explicitly installed SSH Secure Shell 3.0.0 # > on any of the listed operating systems, they are # > vulnerable to this potential exploit. # > # # I don't want to drag this boring thread any longer, but in # your advisory, it stated that OpenBSD and NetBSD were # not vulnerable. So...if I install SSH 3.0.0 on one of those # (even though the already come with openssh), ssh will not # be vulnerable to this bug? Or will it? I think that part # created a little confusion. # # # Cheers # # #
Current thread:
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0, (continued)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Brian Carpio (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Brian Carpio (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Jaime BENJUMEA (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Jonathan A. Zdziarski (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Roman Drahtmueller (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Emre Yildirim (Jul 24)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 25)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Eugene Medynskiy (Jul 25)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 26)