OpenSSH 4.0 p1 and zlib vulnerability

Senthil Kumar senthilkumar_sen at
Thu Jan 19 14:29:04 EST 2006


Im using OpenSSH 4.0 p1 linked with zlib version less then 1.2.2 in a number 
of systems. These are all production systems where I can't upgrade the 
service. I have a question that if I disable the compression by setting 
"compression no"  in sshd_config, will I be able to overcome the Buffer 
overflow vulnerability in zlib. I just glanced through the code and it seems 
sshd is not affected if "compression no" is set. I would like to get inputs 
from the list.

Senthil Kumar. 

More information about the openssh-unix-dev mailing list