Hi,
the main question is whether your SSH daemon is vulnerable. The option "Protocol 2,1" sets only the preferred version to SSH2. You're allowed to connect with SSH1 too.
Cheers,
Ralf
Boris Lorenz wrote:
Yuppa,
On 21-Nov-01 Reckhard, Tobias wrote:
...
that a flaw in the SSH1 protocol has been used to break into the two said
       ^^^^^^^^^^^
...
There is a remote integer overflow vulnerability in several implementations of
                                                    ^^^^^^^^^^^^^^^^^^^^^^
the SSH1 protocol that allows an attacker to execute arbitrary code with the
^^^^^^^^^^^^^^^^^
Note the (more or less subtle) difference.
Tobias
Que...?
Is it nit picking time already? Didn't know that, OMG! ;)
While we're at it, if you're running SSH protocol version 2 (in any implementation) *and* a vulnerable SSH protocol 1 demon, with a fallback to V1 for compatibility with the lame old ssh1, you're vulnerable too, congratulations.
Hi,
so the next question is: If I run only an SSH 2 daemon but with the sshd_config option "Protocol 2,1" for compatibility - is it vulnerable?
Annette
Sysadmin IfM
Technical University Berlin
Germany
Boris Lorenz
--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
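An added example, not code from any poster in this thread: a small audit helper that reports whether an sshd still accepts SSH1, either from the "Protocol" line in sshd_config or from the server's identification string (a server offering both protocols announces version 1.99). It only shows that SSH1 is reachable; whether the SSH1 implementation behind it is a vulnerable one is the separate question raised above. Assumptions: the first active Protocol line is the one that counts, and the sample config and banners are constructed.

```python
import re

# sshd_config "Protocol" directive, e.g.  Protocol 2,1
PROTOCOL_RE = re.compile(r'^\s*protocol[\s=]+"?([0-9,\s]+?)"?\s*$', re.I)
# Identification string sent by the server, e.g.  SSH-1.99-<software>
BANNER_RE = re.compile(r'^SSH-(\d+\.\d+)-')

def config_protocols(config_text):
    """Versions listed by the first active Protocol line, or None if absent."""
    for line in config_text.splitlines():
        m = PROTOCOL_RE.match(line)      # commented-out lines do not match
        if m:
            return [v.strip() for v in m.group(1).split(",") if v.strip()]
    return None  # no directive: the built-in default applies (differs by release)

def banner_protocols(banner):
    """Versions a server advertises in its identification string."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    version = m.group(1)
    if version == "1.99":                # protocol 2 with protocol 1 compatibility
        return ["2", "1"]
    if version == "2.0":
        return ["2"]
    if version.startswith("1."):
        return ["1"]
    return None

def accepts_ssh1(versions):
    """True/False if known; None if it could not be determined.
    The order in "2,1" is only a preference, so any "1" counts."""
    return None if versions is None else "1" in versions

# Constructed sample inputs (not taken from the thread).
SAMPLE_CONFIG = "# Protocol 2\nPort 22\nProtocol 2,1\nPermitRootLogin no\n"
SAMPLE_BANNERS = [
    "SSH-1.99-ExampleSSHD_1.0",
    "SSH-2.0-ExampleSSHD_1.0",
    "SSH-1.5-ExampleSSHD_1.0",
]

if __name__ == "__main__":
    cfg = config_protocols(SAMPLE_CONFIG)
    print("config:", cfg, "accepts SSH1:", accepts_ssh1(cfg))
    for b in SAMPLE_BANNERS:
        print(b, "-> accepts SSH1:", accepts_ssh1(banner_protocols(b)))
```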