[21816] in bugtraq
RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
daemon@ATHENA.MIT.EDU (Emre Yildirim)
Tue Jul 24 15:02:09 2001
Message-ID: <1101.138.26.156.4.995933493.squirrel@www.vsrc.uab.edu>
Date: Mon, 23 Jul 2001 19:11:33 -0500 (CDT)
From: "Emre Yildirim" <emre@vsrc.uab.edu>
To: <bugtraq@securityfocus.com>
In-Reply-To: <FNEKKFMHLBAMAHPEHBLMMEAHCAAA.customer.service@ssh.com>
Cc: <customer.service@ssh.com>
> SSH Secure Shell 3.0.0 does not ship with any
> of the operating systems mentioned, nor does the
> announcement specify that it does. However, if a
> user has explicitly installed SSH Secure Shell 3.0.0
> on any of the listed operating systems, they are
> vulnerable to this potential exploit.
>
I don't want to drag this boring thread any longer, but in
your advisory, it stated that OpenBSD and NetBSD were
not vulnerable. So...if I install SSH 3.0.0 on one of those
(even though they already come with openssh), ssh will not
be vulnerable to this bug? Or will it? I think that part
created a little confusion.
Cheers