Same thing in AIX 4.2.1.0 and HP-UX 10.20/11.00, previously configured as Trusted System. Cordial Greetings, CVC # -----Original Message----- # From: Stephanie Thomas [mailto:customer.serviceat_private] # Sent: Wednesday, July 25, 2001 11:18 AM # To: Emre Yildirim; bugtraqat_private # Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 # # # Hi Emre, # # We have tested OpenBSD and NetBSD, and have found # that they do not experience this vulnerability, # even with ssh 3.0.0 installed. # # This is most likely due to the method used to encrypt the # password in /etc/passwd or /etc/shadow. # # Best Regards, # # Steph # # -----Original Message----- # From: Emre Yildirim [mailto:emreat_private] # Sent: Monday, July 23, 2001 5:12 PM # To: bugtraqat_private # Cc: customer.serviceat_private # Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 # # # # > SSH Secure Shell 3.0.0 does not ship with any # > of the operating systems mentioned, nor does the # > announcement specify that it does. However, if a # > user has explicitly installed SSH Secure Shell 3.0.0 # > on any of the listed operating systems, they are # > vulnerable to this potential exploit. # > # # I don't want to drag this boring thread any longer, but in # your advisory, it stated that OpenBSD and NetBSD were # not vulnerable. So...if I install SSH 3.0.0 on one of those # (even though the already come with openssh), ssh will not # be vulnerable to this bug? Or will it? I think that part # created a little confusion. # # # Cheers # # #
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 12:13:34 PDT