[62321] in North American Network Operators' Group
RE: new openssh issue
daemon@ATHENA.MIT.EDU (Buhrmaster, Gary)
Wed Sep 17 14:33:05 2003
Date: Wed, 17 Sep 2003 11:23:40 -0700
From: "Buhrmaster, Gary" <gtb@SLAC.Stanford.EDU>
To: 'Avleen Vig' <lists-nanog@silverwraith.com>,
Valdis.Kletnieks@vt.edu
Cc: Richard A Steenbergen <ras@e-gerbil.net>,
William Allen Simpson <wsimpson@greendragon.com>, nanog@nanog.org
Errors-To: owner-nanog-outgoing@merit.edu
According to Cisco at:
http://www.cisco.com/warp/public/707/cisco-sa-20030917-openssh.shtml.
this impacts CatOS, their storage router line, their HSE line,
and their WLSE lines, and is not an IOS issue. Details on the web page.
No fixed versions of software are available yet.
Gary
> -----Original Message-----
> From: Avleen Vig [mailto:lists-nanog@silverwraith.com]
> Sent: Wednesday, September 17, 2003 10:27 AM
> To: Valdis.Kletnieks@vt.edu
> Cc: Richard A Steenbergen; William Allen Simpson; nanog@nanog.org
> Subject: Re: new openssh issue
>
>
>
> On Tue, Sep 16, 2003 at 03:50:04PM -0400,
> Valdis.Kletnieks@vt.edu wrote:
> > A posting to full-disclosure quotes Theo as saying HP and
> Cisco are affected,
> > and I don't see any reason that Juniper would *NOT* be,
> given the common code
> > base of the OpenSSH implementations. I'm not going to say
> the routers are
> > vulnerable, but I *would* say that ACLs blocking port 22 to
> the router might
> > be a good idea.....
>
> Isn't this a common practice anyway? Has been anywhere sensible I've
> seen :-)
>
