OpenSSH 4.0 p1 and zlib vulnerability
Senthil Kumar
senthilkumar_sen at hotpop.com
Thu Jan 19 14:29:04 EST 2006
Hi,
Im using OpenSSH 4.0 p1 linked with zlib version less then 1.2.2 in a number
of systems. These are all production systems where I can't upgrade the
service. I have a question that if I disable the compression by setting
"compression no" in sshd_config, will I be able to overcome the Buffer
overflow vulnerability in zlib. I just glanced through the code and it seems
sshd is not affected if "compression no" is set. I would like to get inputs
from the list.
Thanks,
Senthil Kumar.
More information about the openssh-unix-dev
mailing list