Hi Brian, et. al., Actually, this statement: > If you didn't pay for it then you are OK!! is not true. SSH Communications Security provides SSH Secure Shell for non-commercial / educational use, and commercial use on the free operating systems (Linux / BSDs), free of charge. Those non-commercial users of SSH Secure Shell 3.0 (who didn't pay for it) are still vulnerable. If you are using SSH Secure Shell 3.0, whether you paid for it or not, please upgrade ASAP. Non-commercial / education users can locate the upgrade at: ftp://ftp.ssh.com/pub/ssh Best Regards, Steph -- ********************************* Stephanie Thomas Technical Support Specialist SSH Secure Shell GIAC Certified Unix Security Administrator SSH Communications Security Inc. http://www.ssh.com/support/ssh ********************************* Brian Carpio wrote: > > OpenSSH is not vulnerable at all weather or not you use PAM.. this is SSH > the commercial Version. > > If you didn't pay for it then you are OK!! > > -------------- > Brian Carpio > CSG Systems Inc. > Open Systems Unix System Admin > > x3317 > -------------- > > --- Security is a Process NOT a Product ---- > > On Sat, 21 Jul 2001, Marcin Zurakowski wrote: > > > On Fri, 20 Jul 2001, Stephanie Thomas wrote: > > > > > an empty password. This affects SSH Secure Shell 3.0.0 > > > > I guess openssh with pam support is not vulnerable?? > > > > -- > > > > Marcin Zurakowski > > > > InterFirma Administrator > > > > > > -- ********************************* Please note that for support cases, if I have not heard otherwise within five business days, I will assume that your issue is resolved. Stephanie Thomas Technical Support Specialist SSH Secure Shell GIAC Certified Unix Security Administrator SSH Communications Security Inc. http://www.ssh.com/support/ssh *********************************
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 16:42:13 PDT