On Wed, 15 Dec 1999, Emiliano Kargieman wrote:
> "Daniel P. Zepeda" wrote:
> Well, there is a problem in the way SSH protocol version 1.x (implemented in
> versions 1.x of the SSH software packages) handles integrity checking of the
> encrypted channel, that could allow an attacker to insert arbitrary commands
> to be executed on the server. This problem is inherent to the protocol and
> although there are ways to detect this attack, an upgrade of the protocol is
> recommended. See
>
>http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-06-08&[EMAIL PROTECTED]
They claim that the 1.2.25 version of ssh fixes the problem. Not true?
Is ssh-1.2.27 vulnerable?
Greets
Rafael
