Re: Netscreen ssh v.1 vulnerable??
From: Vladimir Parkhaev (vladimir@NoSPAMPLZ.arobas.net)Date: 05/25/02
- Previous message: Brian G. Kirsch: "Netscreen ssh v.1 vulnerable??"
- In reply to: Brian G. Kirsch: "Netscreen ssh v.1 vulnerable??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 24 May 2002 21:00:52 -0400 From: Vladimir Parkhaev <vladimir@NoSPAMPLZ.arobas.net> To: pen-test@securityfocus.com
Quoting Brian G. Kirsch (bkirsch@olosec.com):
> In testing a Netscreen 5, I noticed that ssh v.1 compatibility is enabled
> for remote management. The question is, is Netscreen vulnerable to the
> various ssh v.1 vulnerabilities -- specifically the SSH1 CRC-32 compensation
> attack detector vulnerability?
>
> Thanks.
According to Netscreen it is not. At least that what they said
when that CRC-32 compensation thing first came out... I am sure
you can find it somewhere on www.netscreen.com
If 'manage ssh' is enabled on the untrusted interface you
can try password guessing... Defaults are netscreen/netscreen :)
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Brian G. Kirsch: "Netscreen ssh v.1 vulnerable??"
- In reply to: Brian G. Kirsch: "Netscreen ssh v.1 vulnerable??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
