RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

From: Vega, Cesar (cesar.vega@eds.com)
Date: 07/25/01


Message-ID: <9638B68DBCF5D311B70400508B0CC3ED020BC728@MXMCM201>
From: "Vega, Cesar" <cesar.vega@eds.com>
To: Stephanie Thomas <customer.service@ssh.com>, bugtraq@securityfocus.com
Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
Date: Wed, 25 Jul 2001 15:00:38 -0500

Same thing in AIX 4.2.1.0 and HP-UX 10.20/11.00, previously configured as
Trusted System.

Cordial Greetings,

CVC

# -----Original Message-----
# From: Stephanie Thomas [mailto:customer.service@ssh.com]
# Sent: Wednesday, July 25, 2001 11:18 AM
# To: Emre Yildirim; bugtraq@securityfocus.com
# Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
#
#
# Hi Emre,
#
# We have tested OpenBSD and NetBSD, and have found
# that they do not experience this vulnerability,
# even with ssh 3.0.0 installed.
#
# This is most likely due to the method used to encrypt the
# password in /etc/passwd or /etc/shadow.
#
# Best Regards,
#
# Steph
#
# -----Original Message-----
# From: Emre Yildirim [mailto:emre@vsrc.uab.edu]
# Sent: Monday, July 23, 2001 5:12 PM
# To: bugtraq@securityfocus.com
# Cc: customer.service@ssh.com
# Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
#
#
#
# > SSH Secure Shell 3.0.0 does not ship with any
# > of the operating systems mentioned, nor does the
# > announcement specify that it does. However, if a
# > user has explicitly installed SSH Secure Shell 3.0.0
# > on any of the listed operating systems, they are
# > vulnerable to this potential exploit.
# >
#
# I don't want to drag this boring thread any longer, but in
# your advisory, it stated that OpenBSD and NetBSD were
# not vulnerable. So...if I install SSH 3.0.0 on one of those
# (even though the already come with openssh), ssh will not
# be vulnerable to this bug? Or will it? I think that part
# created a little confusion.
#
#
# Cheers
#
#
#



Relevant Pages