* Exploitation of vulnerability in SSH1 CRC-32 compensation
@ 2001-12-14 0:06 Paul G.
2001-12-14 2:57 ` Corinna Vinschen
0 siblings, 1 reply; 3+ messages in thread
From: Paul G. @ 2001-12-14 0:06 UTC (permalink / raw)
To: cygwin
Hi folks,
Not sure if this even applies for Cygwin, but thought I'd ask:
SSH CRC32 attack detection code contains remote integer overflow
Description: http://www.kb.cert.org/vuls/id/945216
Is the version of OpenSSH that is currently in use for Cygwin vulnerable?
Paul G.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Exploitation of vulnerability in SSH1 CRC-32 compensation
2001-12-14 0:06 Exploitation of vulnerability in SSH1 CRC-32 compensation Paul G.
@ 2001-12-14 2:57 ` Corinna Vinschen
2001-12-14 18:04 ` Paul G.
0 siblings, 1 reply; 3+ messages in thread
From: Corinna Vinschen @ 2001-12-14 2:57 UTC (permalink / raw)
To: cygwin
On Thu, Dec 13, 2001 at 07:46:35PM -0800, Paul G. wrote:
> Hi folks,
>
> Not sure if this even applies for Cygwin, but thought I'd ask:
>
> SSH CRC32 attack detection code contains remote integer overflow
>
> Description: http://www.kb.cert.org/vuls/id/945216
>
> Is the version of OpenSSH that is currently in use for Cygwin vulnerable?
http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/JPLA-53TPWS
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Exploitation of vulnerability in SSH1 CRC-32 compensation
2001-12-14 2:57 ` Corinna Vinschen
@ 2001-12-14 18:04 ` Paul G.
0 siblings, 0 replies; 3+ messages in thread
From: Paul G. @ 2001-12-14 18:04 UTC (permalink / raw)
To: cygwin
On 14 Dec 2001 at 11:39, Corinna Vinschen wrote:
> On Thu, Dec 13, 2001 at 07:46:35PM -0800, Paul G. wrote:
> > Hi folks,
> >
> > Not sure if this even applies for Cygwin, but thought I'd ask:
> >
> > SSH CRC32 attack detection code contains remote integer overflow
> >
> > Description: http://www.kb.cert.org/vuls/id/945216
> >
> > Is the version of OpenSSH that is currently in use for Cygwin
> > vulnerable?
>
> http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/JPLA-53TPWS
Okey-dokey! ;-) (revision dated 12/13 -- ;-))
>
> Corinna
>
> --
> Corinna Vinschen Please, send mails regarding Cygwin
> to Cygwin Developer
> mailto:cygwin@cygwin.com Red Hat, Inc.
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2001-12-15 1:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-12-14 0:06 Exploitation of vulnerability in SSH1 CRC-32 compensation Paul G.
2001-12-14 2:57 ` Corinna Vinschen
2001-12-14 18:04 ` Paul G.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).