This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Re: Exploitation of vulnerability in SSH1 CRC-32 compensation
- From: "Paul G." <pgarceau at qwest dot net>
- To: cygwin at cygwin dot com
- Date: Fri, 14 Dec 2001 17:25:18 -0800
- Subject: Re: Exploitation of vulnerability in SSH1 CRC-32 compensation
- Organization: Paul G.
- References: <3C19059B.21306.1306EC2@localhost>; from pgarceau@qwest.net on Thu, Dec 13, 2001 at 07:46:35PM -0800
- Reply-to: pgarceau at qwest dot net
On 14 Dec 2001 at 11:39, Corinna Vinschen wrote:
> On Thu, Dec 13, 2001 at 07:46:35PM -0800, Paul G. wrote:
> > Hi folks,
> >
> > Not sure if this even applies for Cygwin, but thought I'd ask:
> >
> > SSH CRC32 attack detection code contains remote integer overflow
> >
> > Description: http://www.kb.cert.org/vuls/id/945216
> >
> > Is the version of OpenSSH that is currently in use for Cygwin
> > vulnerable?
>
> http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/JPLA-53TPWS
Okey-dokey! ;-) (revision dated 12/13 -- ;-))
>
> Corinna
>
> --
> Corinna Vinschen Please, send mails regarding Cygwin
> to Cygwin Developer
> mailto:cygwin@cygwin.com Red Hat, Inc.
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/