Is there any impact?

Damien Miller djm at
Thu Sep 7 08:08:08 EST 2006

On Wed, 6 Sep 2006, santhi wrote:

> Hi All,
> Is there any impact in OpenSSH build with OpenSSL 0.9.7j as OpenSSL is
> affected by the following vulnerability
> ?

No, OpenSSH performs its own RSA verification which has always checked
that the signature is not overly long. See ssh-rsa.c for details.


More information about the openssh-unix-dev mailing list