Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Date: Fri, 14 Dec 2001 11:39:14 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: Exploitation of vulnerability in SSH1 CRC-32 compensation Message-ID: <20011214113914.K740@cygbert.vinschen.de> Mail-Followup-To: cygwin AT cygwin DOT com References: <3C19059B DOT 21306 DOT 1306EC2 AT localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3C19059B.21306.1306EC2@localhost>; from pgarceau@qwest.net on Thu, Dec 13, 2001 at 07:46:35PM -0800 On Thu, Dec 13, 2001 at 07:46:35PM -0800, Paul G. wrote: > Hi folks, > > Not sure if this even applies for Cygwin, but thought I'd ask: > > SSH CRC32 attack detection code contains remote integer overflow > > Description: http://www.kb.cert.org/vuls/id/945216 > > Is the version of OpenSSH that is currently in use for Cygwin vulnerable? http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/JPLA-53TPWS Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin AT cygwin DOT com Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/