This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Re: Exploitation of vulnerability in SSH1 CRC-32 compensation
- From: Corinna Vinschen <cygwin at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Fri, 14 Dec 2001 11:39:14 +0100
- Subject: Re: Exploitation of vulnerability in SSH1 CRC-32 compensation
- References: <3C19059B.21306.1306EC2@localhost>
On Thu, Dec 13, 2001 at 07:46:35PM -0800, Paul G. wrote:
> Hi folks,
>
> Not sure if this even applies for Cygwin, but thought I'd ask:
>
> SSH CRC32 attack detection code contains remote integer overflow
>
> Description: http://www.kb.cert.org/vuls/id/945216
>
> Is the version of OpenSSH that is currently in use for Cygwin vulnerable?
http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/JPLA-53TPWS
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/