Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

OpenSSH and OpenSSL vulnerabilities

From: full-disclosure () lists netsys com (Raju Mathur)
Date: Fri, 2 Aug 2002 08:33:22 +0530
Is OpenSSH compromised by the OpenSSL vulnerabilities?

I've been asked this question a number of times since the OpenSSL
vulnerabilities were anounced and this is what I figured:

- OpenSSH on 32-bit platforms is not vulnerable since it doesn't use
  TLS, S/MIME, certificates and/or PKCS#7.

- OpenSSH on 64-bit platforms is vulnerable to the integer string
  representation bug.

Comments?

Regards,

-- Raju
-- 
Raju Mathur          raju () kandalaya org           http://kandalaya.org/
                     It is the mind that moves
Previous By Date Next
Previous By Thread Next

Current thread: