On Tue, Jun 17, 2003 at 11:41:20PM +0200, Florian Weimer wrote: > > Anyway, I just wanted to make sure that you investigate other > weaknesses than the SSH1 implementation. It's my gut feeling based on > the facts you have mentioned that another explanation is far more > likely.
Certainly, we have to (once we have fully restored all systems) do some investigating to isolate the single point of failure that allowed this crack whether it be some other software exploit which lead to comprimized keys or whether it's a problem with the woody version of SSH. The biggest contributing factors leading us to believe that the exploit is in SSH are: server X was only running (and only allowing through the firewall) SSH, server Y wasn't using fallback to protocol 1 and after upgrading the version of SSH no more servers were comprimized. Thanks, Tim
