Re: SSH 1 Why?

From: R. J. Wysocki (rafaelat_private)
Date: Sat Dec 18 1999 - 09:10:01 PST

Next message: Michal Zalewski: "procmail / Sendmail - five bugs"

Previous message: Bohemian: "Fw: NAV2000 Email Protection DoS"
Maybe in reply to: Daniel P. Zepeda: "SSH 1 Why?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 15 Dec 1999, Emiliano Kargieman wrote:
> "Daniel P. Zepeda" wrote:

> Well, there is a problem in the way SSH protocol version 1.x (implemented in
> versions 1.x of the SSH software packages) handles integrity checking of the
> encrypted channel, that could allow an attacker to insert arbitrary commands
> to be executed on the server. This problem is inherent to the protocol and
> although there are ways to detect this attack, an upgrade of the protocol is
> recommended. See
> 199806120125.WAA05406at_private">http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-06-08&msg=199806120125.WAA05406at_private

They claim that the 1.2.25 version of ssh fixes the problem.  Not true?
Is ssh-1.2.27 vulnerable?

	Greets

		Rafael

Next message: Michal Zalewski: "procmail / Sendmail - five bugs"
Previous message: Bohemian: "Fw: NAV2000 Email Protection DoS"
Maybe in reply to: Daniel P. Zepeda: "SSH 1 Why?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:21:52 PDT