OpenSSH 2.9p2 / SSH3 vulnerability?
Ault, James R (CRD)
aultj at crd.ge.com
Wed Aug 22 00:41:00 EST 2001
I have a few questions:
1) Is OpenSSH 2.9p2 (or any other version of OpenSSH) vulnerable to the same problem as SSH3.0.0?
(described here:
http://www.kb.cert.org/vuls/id/737451 )
2) There is a "SECURID" patch in the contrib section since 2.5.2p2. I am using it, but applying this
patch to each new version is growing more difficult as time goes on. Would you consider merging this
function into the core of openssh? (with a configure flag and everything)? I would certainly
appreciate it...
3) when is the next version of OpenSSH due to come out? It seems that a new one arrives only moments
after I finish my "make install" on 4-5 different platforms.. :-)
Jim Ault, aultj at crd.ge.com
More information about the openssh-unix-dev
mailing list