Re: Netscreen ssh v.1 vulnerable??

[Vladimir Parkhaev <vladimir () NoSPAMPLZ arobas net>]

Quoting Brian G. Kirsch (bkirsch () olosec com):
> In testing a Netscreen 5, I noticed that ssh v.1 compatibility is enabled
> for remote management.  The question is, is Netscreen vulnerable to the
> various ssh v.1 vulnerabilities -- specifically the SSH1 CRC-32 compensation
> attack detector vulnerability?
>
> Thanks.

According to Netscreen it is not. At least that what they said
when that CRC-32 compensation thing first came out... I am sure
you can find it somewhere on www.netscreen.com

If 'manage ssh' is enabled on the untrusted interface you
can try password guessing... Defaults are netscreen/netscreen :)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/