This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Exploitation of vulnerability in SSH1 CRC-32 compensation

From: Corinna Vinschen <cygwin at cygwin dot com>
To: cygwin at cygwin dot com
Date: Fri, 14 Dec 2001 11:39:14 +0100
Subject: Re: Exploitation of vulnerability in SSH1 CRC-32 compensation
References: <3C19059B.21306.1306EC2@localhost>

On Thu, Dec 13, 2001 at 07:46:35PM -0800, Paul G. wrote:
> Hi folks, 
> 
> 	Not sure if this even applies for Cygwin, but thought I'd ask: 
> 
> 	SSH CRC32 attack detection code contains remote integer overflow 
> 
> 	Description:  http://www.kb.cert.org/vuls/id/945216 
> 
> 	Is the version of OpenSSH that is currently in use for Cygwin vulnerable? 

http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/JPLA-53TPWS

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: Exploitation of vulnerability in SSH1 CRC-32 compensation
  - From: Paul G.

References:
- Exploitation of vulnerability in SSH1 CRC-32 compensation
  - From: Paul G.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]