Dear Sirs;

Your box is only vulnerable IF and ONLY IF you compiled ssh with the RSAREF option. You would have had to run './configure --with-RSAREF' or something along those lines. I haven't compiled it (ssh 1.2.27) in the last 2 weeks so I couldn't really tell you what the exact parameter is.

Running `sshd -V' or whatever you had to do to get ssh to return a version ('sshd --version'??) should tell you whether or not you compiled it with RSAREF.

Cheers,
Mike

Bernhard Rosenkraenzer wrote:

> On Wed, 19 Jan 2000, Michael J. McGillick wrote:
>
> > A buddy of mine believes that I'm running an insecure version of SSH. My
> > current version is:
> >
> > ssh-1.2.27-5us
> >
> > How do I tell if my version is insecure,
>
> Check if it is RSA-enabled and not patched.
>
> > and where would I get the latest version from?
>
> ftp://ftp.redhat.de/pub/rh-addons/security/
>
> You'll probably want to switch to OpenSSH while you're at it.
>
> LLaP
> bero
>
> --
> Anyone sending unsolicited bulk email (UBE, SPAM) to this address will be
> charged a $25 handling fee plus a $5 network traffic fee per started
> kilobyte. By extracting my address from this message or its header, you
> agree to these terms.
>
> Nevertheless, spammers trying to auto-extract addresses from this message
> will definitely want to include [EMAIL PROTECTED] and [EMAIL PROTECTED]
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.