Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

From: Brian Carpio (carb02@csgsystems.com)
Date: 07/23/01


Date: Mon, 23 Jul 2001 10:31:06 -0600 (MDT)
From: Brian Carpio <carb02@csgsystems.com>
To: Marcin Zurakowski <marcin@interfirma.pl>
Subject: Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
Message-ID: <Pine.GSO.4.10.10107231030340.15120-100000@sylvester.co.csgsystems.com>


OpenSSH is not vulnerable at all weather or not you use PAM.. this is SSH
the commercial Version.

If you didn't pay for it then you are OK!!

--------------
Brian Carpio
CSG Systems Inc.
Open Systems Unix System Admin

x3317
--------------

--- Security is a Process NOT a Product ----

On Sat, 21 Jul 2001, Marcin Zurakowski wrote:

> On Fri, 20 Jul 2001, Stephanie Thomas wrote:
>
> > an empty password. This affects SSH Secure Shell 3.0.0
>
> I guess openssh with pam support is not vulnerable??
>
> --
>
> Marcin Zurakowski
>
> InterFirma Administrator
>
>
>



Relevant Pages

  • Re: Connect from SSH Secure Shell to OpenSSH
    ... Skip Montanaro wrote: ... > I'm having trouble connecting without password from a system running ... > to a system running OpenSSH. ... > I can ssh from the OpenSSH system to the SSH Secure Shell system ...
    (comp.security.ssh)
  • Connect from SSH Secure Shell to OpenSSH
    ... I'm having trouble connecting without password from a system running ... to a system running OpenSSH. ... When I tried to ssh to the OpenSSH machine ... I can ssh from the OpenSSH system to the SSH Secure Shell system ...
    (comp.security.ssh)
  • Re: Mismatched user authentication
    ... >>Server#1 is SSH Secure Shell 3.0.1, ... > what does OpenSSH have to do with anything here? ... and other sensitive info about my server entries. ... upgrade in order to have public key authentication. ...
    (comp.security.ssh)
  • Re: OpenSSH 3.6 / Windows SSH 3.2.9 Key Issues
    ... > running SSH Secure Shell 3.2.9 and I'm having issues. ... > option to upload my Windows keys, ... the formats of public kezs in OpenSSH and SSH are different. ...
    (comp.security.ssh)
  • Problem With OpenSSH - Red Hat 8.0
    ... OpenSSH version 3.4 on Red Hat 8.0 and I've verified that the daemon ... When I connect to the box using SSH Secure Shell 3.2.2 ...
    (comp.os.linux.security)