On Mon, Dec 16, 2002 at 05:52:15PM -0500, Phillip Hofmeister wrote: > Hi all, > > I am sure you have seen the SSH CERT. Are we vulnerable? If so is > there a time line for an update?
Sorry for the last email. Spoke before I read. :-) According to
the advisory[1]:
"it seems that the current version of OpenSSH (3.5) is not
vulnerable to these problems, and some limited testing shows that
no version of OpenSSH is vulnerable."
Therefore, I assume that we're not vulnerable. If you are paranoid
they do list the location of the test suite[2] that you can try
against your machine.
[1] http://www.cert.org/advisories/CA-2002-36.html
[2] http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666
--
Edward Guldemond
msg08196/pgp00000.pgp
Description: PGP signature
