On Wed, 15 Dec 1999, Emiliano Kargieman wrote: > "Daniel P. Zepeda" wrote: > Well, there is a problem in the way SSH protocol version 1.x (implemented in > versions 1.x of the SSH software packages) handles integrity checking of the > encrypted channel, that could allow an attacker to insert arbitrary commands > to be executed on the server. This problem is inherent to the protocol and > although there are ways to detect this attack, an upgrade of the protocol is > recommended. See > 199806120125.WAA05406at_private">http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-06-08&msg=199806120125.WAA05406at_private They claim that the 1.2.25 version of ssh fixes the problem. Not true? Is ssh-1.2.27 vulnerable? Greets Rafael
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:21:52 PDT