Bugtraq mailing list archives
Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
From: Stephanie Thomas <customer.service () ssh com>
Date: Mon, 23 Jul 2001 12:17:17 -0700
Hi Brian, et. al., Actually, this statement:
If you didn't pay for it then you are OK!!
is not true. SSH Communications Security provides SSH Secure Shell for non-commercial / educational use, and commercial use on the free operating systems (Linux / BSDs), free of charge. Those non-commercial users of SSH Secure Shell 3.0 (who didn't pay for it) are still vulnerable. If you are using SSH Secure Shell 3.0, whether you paid for it or not, please upgrade ASAP. Non-commercial / education users can locate the upgrade at: ftp://ftp.ssh.com/pub/ssh Best Regards, Steph -- ********************************* Stephanie Thomas Technical Support Specialist SSH Secure Shell GIAC Certified Unix Security Administrator SSH Communications Security Inc. http://www.ssh.com/support/ssh ********************************* Brian Carpio wrote:
OpenSSH is not vulnerable at all weather or not you use PAM.. this is SSH the commercial Version. If you didn't pay for it then you are OK!! -------------- Brian Carpio CSG Systems Inc. Open Systems Unix System Admin x3317 -------------- --- Security is a Process NOT a Product ---- On Sat, 21 Jul 2001, Marcin Zurakowski wrote:On Fri, 20 Jul 2001, Stephanie Thomas wrote:an empty password. This affects SSH Secure Shell 3.0.0I guess openssh with pam support is not vulnerable?? -- Marcin Zurakowski InterFirma Administrator
-- ********************************* Please note that for support cases, if I have not heard otherwise within five business days, I will assume that your issue is resolved. Stephanie Thomas Technical Support Specialist SSH Secure Shell GIAC Certified Unix Security Administrator SSH Communications Security Inc. http://www.ssh.com/support/ssh *********************************
Current thread:
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0, (continued)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Trond Eivind Glomsrød (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Jen B. (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Marcus Meissner (Jul 21)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Florian Weimer (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Thomas Roessler (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Lucian Hudin (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Sports (Jul 24)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Seth Arnold (Jul 24)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Thomas Roessler (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Marcin Zurakowski (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Brian Carpio (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Brian Carpio (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Jaime BENJUMEA (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Jonathan A. Zdziarski (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Roman Drahtmueller (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Emre Yildirim (Jul 24)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 25)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Eugene Medynskiy (Jul 25)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 26)