From owner-freebsd-security Thu Dec 16 13: 4:43 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id D7877158AA
	for ; Thu, 16 Dec 1999 13:04:37 -0800 (PST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id OAA92764;
	Thu, 16 Dec 1999 14:04:36 -0700 (MST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1])
	by harmony.village.org (8.9.3/8.8.3) with ESMTP id OAA74270;
	Thu, 16 Dec 1999 14:04:36 -0700 (MST)
Message-Id: <199912162104.OAA74270@harmony.village.org>
To: Fernando Schapachnik
Subject: Re: OpenSSH vulnerable to protocol flaw?
Cc: freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Thu, 16 Dec 1999 09:06:54 -0300." <199912161207.JAA22894@ns1.via-net-works.net.ar>
References: <199912161207.JAA22894@ns1.via-net-works.net.ar>
Date: Thu, 16 Dec 1999 14:04:35 -0700
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <199912161207.JAA22894@ns1.via-net-works.net.ar> Fernando Schapachnik writes:
: In recent post to bugtraq, someone stated that ssh1 was vulnerable to
: a protocol flaw which could allow a malicious party to insert
: arbitrary characters in the communication channel.
:
: Anybody knows if OpenSSH is vulnerable to this?

OpenSSH implements the ssh1 protocol, which is vulnerable to insertion
attacks like the one described in bugtraq. I don't think they have
changed the protocol at all, but I'm sure someone will tell me if I'm
wrong.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message