Is there any impact?

Damien Miller djm at mindrot.org
Thu Sep 7 08:08:08 EST 2006


On Wed, 6 Sep 2006, santhi wrote:

> Hi All,
> 
> Is there any impact in OpenSSH build with OpenSSL 0.9.7j as OpenSSL is
> affected by the following vulnerability
> http://www.openssl.org/news/secadv_20060905.txt ?

No, OpenSSH performs its own RSA verification which has always checked
that the signature is not overly long. See ssh-rsa.c for details.

-d
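
A strict verifier of the kind the reply describes, as an added example (not code from ssh-rsa.c or the OpenSSH project). It goes beyond the single length check mentioned above by also requiring the payload recovered from the signature to be exactly the expected size; function names are hypothetical and SHA-1 is assumed as the hash.

```c
#include <stddef.h>
#include <string.h>

/* ASN.1 DigestInfo prefix for SHA-1 (PKCS#1 v1.5); a 20-byte hash follows. */
static const unsigned char SHA1_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};
#define SHA1_LEN 20

/* Compare without an early exit so timing does not depend on the data. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/*
 * Step 1: fit the signature blob to the modulus size before any RSA math.
 * Longer than the modulus: reject. Shorter: left-pad with zero bytes.
 * Returns 0 on success, -1 on rejection. out must hold modlen bytes.
 */
int normalize_sig(const unsigned char *sig, size_t siglen,
                  size_t modlen, unsigned char *out)
{
    if (siglen == 0 || siglen > modlen)
        return -1;
    memset(out, 0, modlen - siglen);
    memcpy(out + (modlen - siglen), sig, siglen);
    return 0;
}

/*
 * Step 2: check the payload recovered after the PKCS#1 padding is removed.
 * It must be exactly prefix || hash; any extra trailing byte is a failure.
 * Returns 1 if valid, 0 otherwise.
 */
int check_digestinfo(const unsigned char *dec, size_t declen,
                     const unsigned char *hash)
{
    if (declen != sizeof(SHA1_PREFIX) + SHA1_LEN)
        return 0;
    return ct_equal(dec, SHA1_PREFIX, sizeof(SHA1_PREFIX)) &
           ct_equal(dec + sizeof(SHA1_PREFIX), hash, SHA1_LEN);
}
```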



