Re: Exploitation of vulnerability in SSH1 CRC-32 compensation

Paul G. Fri, 14 Dec 2001 17:25:14 -0800


On 14 Dec 2001 at 11:39, Corinna Vinschen wrote:

> On Thu, Dec 13, 2001 at 07:46:35PM -0800, Paul G. wrote:
> > Hi folks, 
> > 
> >     Not sure if this even applies for Cygwin, but thought I'd ask: 
> > 
> >     SSH CRC32 attack detection code contains remote integer overflow 
> > 
> >     Description:  http://www.kb.cert.org/vuls/id/945216 
> > 
> >     Is the version of OpenSSH that is currently in use for Cygwin
> > vulnerable? 
> 
> http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/JPLA-53TPWS

        Okey-dokey!  ;-)  (revision dated 12/13 -- ;-))
> 
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin
> to Cygwin Developer                               
> mailto:[EMAIL PROTECTED] Red Hat, Inc.
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 
> 



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Exploitation of vulnerability in SSH1 CRC-32 compensation

Reply via email to