Netscreen ssh v.1 vulnerable??

From: Brian G. Kirsch (bkirschat_private)
Date: Fri May 24 2002 - 12:12:49 PDT

Next message: Vladimir Parkhaev: "Re: Netscreen ssh v.1 vulnerable??"

Previous message: Tomás F. Serna: "RV: [NGSEC] ngGame #1 - Web Authentication"
Next in thread: Vladimir Parkhaev: "Re: Netscreen ssh v.1 vulnerable??"
Reply: Vladimir Parkhaev: "Re: Netscreen ssh v.1 vulnerable??"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In testing a Netscreen 5, I noticed that ssh v.1 compatibility is enabled
for remote management.  The question is, is Netscreen vulnerable to the
various ssh v.1 vulnerabilities -- specifically the SSH1 CRC-32 compensation
attack detector vulnerability?

Thanks.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Vladimir Parkhaev: "Re: Netscreen ssh v.1 vulnerable??"
Previous message: Tomás F. Serna: "RV: [NGSEC] ngGame #1 - Web Authentication"
Next in thread: Vladimir Parkhaev: "Re: Netscreen ssh v.1 vulnerable??"
Reply: Vladimir Parkhaev: "Re: Netscreen ssh v.1 vulnerable??"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 24 2002 - 15:28:34 PDT