Blue Boar wrote: > <SNIP> > Debian is immune for the (somewhat messy) reasons that they do not link > ssh to rsaref, last time that I checked. > <SNIP> Does the fact that the international version of ssh from replay.com uses "internal rsaref" instead of the "external rsaref" in the US version make it immune to this attack too? The version is at least not as far as I can see externally linked to any rsaref library: [oysteivi@colargol ~]$ ldd /usr/sbin/sshd1 libz.so.1 => /usr/lib/libz.so.1 (0x40017000) libnsl.so.1 => /lib/libnsl.so.1 (0x40027000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x4003d000) libpam.so.0 => /lib/libpam.so.0 (0x4006a000) libdl.so.2 => /lib/libdl.so.2 (0x40072000) libutil.so.1 => /lib/libutil.so.1 (0x40075000) libc.so.6 => /lib/libc.so.6 (0x40078000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) (http://www.zedz.net/redhat/ssh.html to check it out for yourselves). Oystein -- "It's pudding time, children!"
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:12:50 PDT