Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Date:	Fri, 14 Dec 2001 11:39:14 +0100
From:	Corinna Vinschen <cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: Exploitation of vulnerability in SSH1 CRC-32 compensation
Message-ID:	<20011214113914.K740@cygbert.vinschen.de>
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<3C19059B DOT 21306 DOT 1306EC2 AT localhost>
Mime-Version:	1.0
User-Agent:	Mutt/1.2.5i
In-Reply-To:	<3C19059B.21306.1306EC2@localhost>; from pgarceau@qwest.net on Thu, Dec 13, 2001 at 07:46:35PM -0800

On Thu, Dec 13, 2001 at 07:46:35PM -0800, Paul G. wrote:
> Hi folks, 
> 
> 	Not sure if this even applies for Cygwin, but thought I'd ask: 
> 
> 	SSH CRC32 attack detection code contains remote integer overflow 
> 
> 	Description:  http://www.kb.cert.org/vuls/id/945216 
> 
> 	Is the version of OpenSSH that is currently in use for Cygwin vulnerable? 

http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/JPLA-53TPWS

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -