Bugtraq mailing list archives
RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
From: "Stephanie Thomas" <customer.service () ssh com>
Date: Mon, 23 Jul 2001 16:04:00 -0700
Hi Roman and Others, Thanks for the feedback. SSH Secure Shell 3.0.0 does not ship with any of the operating systems mentioned, nor does the announcement specify that it does. However, if a user has explicitly installed SSH Secure Shell 3.0.0 on any of the listed operating systems, they are vulnerable to this potential exploit. Please understand that we receive many support requests from administrators using either the commercial or non-commercial versions of SSH Secure Shell on SuSe, Redhat, Caldera, and other Linux versions - even though SSH Secure Shell is not bundled these operating systems. Because of this, we wish to ensure that those users are aware that this issue does affect them, and what they can do to protect themselves. We have listed those operating systems which we know are vulnerable _with SSH Secure Shell 3.0.0 installed_. My apologies if this was not clear in the original announcement. Best Regards, Steph -----Original Message----- From: Roman Drahtmueller [mailto:draht () suse de] Sent: Monday, July 23, 2001 9:03 AM To: Stephanie Thomas; bugtraq () securityfocus com; security () suse de Subject: Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
From: Stephanie Thomas <customer.service () ssh com> To: bugtraq () securityfocus com Date: Fri, 20 Jul 2001 17:34:02 -0700 Subject: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
[...]
PLATFORMS IMPACTED: Red Hat Linux 6.1 thru 7.1 Solaris 2.6 thru 2.8 HP-UX 10.20 HP-UX 11.00 Caldera Linux 2.4 Suse Linux 6.4 thru 7.0
Numerous requests force an additional statement. The ssh versions 3.* are not shipped with SuSE Linux, all versions of the distribution. Thanks to Frank Denis for pointing this out on bugtraq. Since most of the mentioned systems are older than ssh-3.*, it seems logical that these systems can't be affected by default. It should have been mentioned that the platforms mentioned above are vulnerable if the said version of ssh has been installed on them. I wish for more precision in future security announcements from ssh.com. Roman Drahtmüller, SuSE Security. -- - - | Roman Drahtmüller <draht () suse de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
Current thread:
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0, (continued)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Thomas Roessler (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Lucian Hudin (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Sports (Jul 24)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Seth Arnold (Jul 24)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Thomas Roessler (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Marcin Zurakowski (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Brian Carpio (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Brian Carpio (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Jaime BENJUMEA (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Jonathan A. Zdziarski (Jul 23)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Roman Drahtmueller (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Emre Yildirim (Jul 24)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 25)
- Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Eugene Medynskiy (Jul 25)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 23)
- RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 Stephanie Thomas (Jul 26)