
Bugtraq mailing list archives

Re: SSH 1 Why?
From: rafael () RJW WAW PL (R. J. Wysocki)
Date: Sat, 18 Dec 1999 18:10:01 +0100

On Wed, 15 Dec 1999, Emiliano Kargieman wrote:
"Daniel P. Zepeda" wrote:

Well, there is a problem in the way SSH protocol version 1.x (implemented in
versions 1.x of the SSH software packages) handles integrity checking of the
encrypted channel, that could allow an attacker to insert arbitrary commands
to be executed on the server. This problem is inherent to the protocol and
although there are ways to detect this attack, an upgrade of the protocol is
recommended. See
http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-06-08&msg=199806120125.WAA05406 () takeover core com ar

They claim that the 1.2.25 version of ssh fixes the problem.  Not true?
Is ssh-1.2.27 vulnerable?


