No. OpenSSH is not affected. See http://undeadly.org/cgi?action=article&sid=20140408063423
-ag -- sent via 100% recycled electrons from my mobile command center. > On Apr 10, 2014, at 6:39 PM, Roberto Spadim <robe...@spadim.com.br> wrote: > > hi guys, what about openssh, does it have some problem with this > vulnerability? > > > 2014-04-10 22:35 GMT-03:00 Viktor Dukhovni <openssl-us...@dukhovni.org>: >> On Thu, Apr 10, 2014 at 06:16:33PM -0700, Wim Lewis wrote: >> >> > But if you're using TLS at all, then presumably this is because >> > the TCPIP network over which TLS is running is potentially insecure >> > in some way (e.g., it's the open internet); an attacker with the >> > ability to send packets on that layer could start making TLS >> > connections and extracting data even with no knowledge of your >> > proprietary protocol. If you are in a situation where you are only >> > concerned about purely passive eavesdroppers on that connection, >> > though, then I believe you are safe. >> >> Lack of concern for MiTM attacks is quite different from lack of >> concern about possible connections to the server from malicious >> clients that are not in the middle of protected connections. >> >> Even using SSL only against passive attacks on legitimate connections, >> one has to take care of security issues that can be exploited by >> hostile clients. It is very unlikely that the OP can this one out. >> >> -- >> Viktor. >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager majord...@openssl.org > > > > -- > Roberto Spadim > SPAEmpresarial > Eng. Automação e Controle
