Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Delivered-To: fixup-cygwin AT cygwin DOT com@fixme From: "Paul G." Organization: Paul G. To: cygwin AT cygwin DOT com Date: Fri, 14 Dec 2001 17:25:18 -0800 MIME-Version: 1.0 Subject: Re: Exploitation of vulnerability in SSH1 CRC-32 compensation Reply-to: pgarceau AT qwest DOT net Message-ID: <3C1A35FE.21643.864CE1@localhost> In-reply-to: <20011214113914.K740@cygbert.vinschen.de> References: <3C19059B DOT 21306 DOT 1306EC2 AT localhost>; from pgarceau AT qwest DOT net on Thu, Dec 13, 2001 at 07:46:35PM -0800 X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body On 14 Dec 2001 at 11:39, Corinna Vinschen wrote: > On Thu, Dec 13, 2001 at 07:46:35PM -0800, Paul G. wrote: > > Hi folks, > > > > Not sure if this even applies for Cygwin, but thought I'd ask: > > > > SSH CRC32 attack detection code contains remote integer overflow > > > > Description: http://www.kb.cert.org/vuls/id/945216 > > > > Is the version of OpenSSH that is currently in use for Cygwin > > vulnerable? > > http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/JPLA-53TPWS Okey-dokey! ;-) (revision dated 12/13 -- ;-)) > > Corinna > > -- > Corinna Vinschen Please, send mails regarding Cygwin > to Cygwin Developer > mailto:cygwin AT cygwin DOT com Red Hat, Inc. > > -- > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > Bug reporting: http://cygwin.com/bugs.html > Documentation: http://cygwin.com/docs.html > FAQ: http://cygwin.com/faq/ > > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/