In message <00ef01c2388a$0ecaa8c0$390110ac@kovaiteam> on Wed, 31 Jul 2002 17:29:32 +0530, "kumar" <[EMAIL PROTECTED]> said:
kumaresh_ind> Hello all, kumaresh_ind> I am using OpenSSH with OpenSSL(0.9.6d) kumaresh_ind> What is the impact of this OpenSSL vulnerability in openssh? kumaresh_ind> Anyone have answers.Please share. As long as OpenSSH doesn't touch anything related to SSL or ASN.1, you should be safe. OpenSSH doesn't talk SSL, and as far as I know, it doesn't handle certificates yet (that's where ASN.1 would come in). If OpenSH handles certificates, it should be possible to disable that until you have made appropriate upgrades. My 2 cents... -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]