Re: [openssh-unix-announce] OpenSSH Security Advisory (adv.iss) (fwd)

Hi David, > >And all this was done with the knowledge that there was a live exploit > >out in the wild for this. > > That's the first I've heard of that. Can you support it? As I've said, > this condition would absolutely tilt my position toward yours. He is probably referring to the

Re: [openssh-unix-announce] OpenSSH Security Advisory (adv.iss)(fwd)

On Wed, 26 Jun 2002 at 5:44pm (-0700), David Talkington wrote: > Matthew Melvin wrote: > > >And all this was done with the knowledge that there was a live exploit > >out in the wild for this. > > That's the first I've heard of that. Can you support it? As I've said, > this condition would abs

Re: [openssh-unix-announce] OpenSSH Security Advisory (adv.iss)(fwd)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matthew Melvin wrote: >And all this was done with the knowledge that there was a live exploit >out in the wild for this. That's the first I've heard of that. Can you support it? As I've said, this condition would absolutely tilt my position toward

Re: [openssh-unix-announce] OpenSSH Security Advisory (adv.iss)(fwd)

On Wed, 26 Jun 2002 at 8:28am (-0700), David Talkington wrote: > David Talkington wrote: > > >Yes, this definitely could have been handled differently. Especially > >since they seem to have changed their minds mid-stream after telling > >people they'd have until Monday to shore up before this a

Revised OpenSSH Security Advisory (adv.iss) (fwd)

2002 21:08:17 +0200 From: Markus Friedl <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Revised OpenSSH Security Advisory (adv.iss) This is the 2nd revision of the Advisory. 1. Versions affected: Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input

Re: [openssh-unix-announce] OpenSSH Security Advisory (adv.iss)(fwd)

On Wed, 2002-06-26 at 09:28, David Talkington wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > David Talkington wrote: > > >Yes, this definitely could have been handled differently. Especially > >since they seem to have changed their minds mid-stream after telling > >people they'd

[openssh-unix-announce] OpenSSH Security Advisory (adv.iss) (fwd)

ssage -- Date: Wed, 26 Jun 2002 16:42:09 +0200 From: Markus Friedl <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [openssh-unix-announce] OpenSSH Security Advisory (adv.iss) 1. Versions affected: All versions of OpenSSH's sshd betwe

Re: OpenSSH security

lindo Foster >> >http://monzell.com >> >AIM: rilindo >> >-end signature- >> > >> >-Original Message- >> >> From: [EMAIL PROTECTED] >> >> >[mailto:[EMAIL PROTECTED]]On Behalf Of J

Re: OpenSSH security

> >-Original Message- > > From: [EMAIL PROTECTED] > > >[mailto:[EMAIL PROTECTED]]On Behalf Of JW > >Sent: Tuesday, January 15, 2002 4:38 PM > >To: [EMAIL PROTECTED] > >Subject: OpenSSH security > > > > > >Does anyone know if openssh-2.5.2

RE: OpenSSH security

//monzell.com >AIM: rilindo >-end signature- > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of JW >Sent: Tuesday, January 15, 2002 4:38 PM >To: [EMAIL PROTECTED] >Subject: OpenSSH security > > >

RE: OpenSSH security

] Subject: OpenSSH security Does anyone know if openssh-2.5.2p2-1 is vulnerable the "crc32 compensation attack" that's going around? Thanks. Jonathan Wilson System Administrator Cedar Creek Software http://www.cedarcreeksoftw

OpenSSH security

Does anyone know if openssh-2.5.2p2-1 is vulnerable the "crc32 compensation attack" that's going around? Thanks. Jonathan Wilson System Administrator Cedar Creek Software http://www.cedarcreeksoftware.com Central Texas IT http://www.c