Yuppa, On 21-Nov-01 Reckhard, Tobias wrote:
...
that a flaw in the SSH1 protocol has been used to break into the two said ^^^^^^^^^^^ ... There is a remote integer overflow vulnerability in several implementations of ^^^^^^^^^^^^^^^^^^^^^^ the SSH1 protocol that allows an attacker to execute arbitrary code with the ^^^^^^^^^^^^^^^^^
Note the (more or less subtle) difference.
Tobias
Que...?
Is it nit picking time already? Didn't know that, OMG! ;)
While we're at it, if you're running SSH protocol version 2 (in any
implementation) *and* a vulnerable SSH protocol 1 demon, with a fallback to V1
for compatibilty with the lame old ssh1, you're vulnerable too, congratulations.
Boris Lorenz