Hi All, Is there any impact in OpenSSH build with OpenSSL 0.9.7j as OpenSSL is affected by the following vulnerability http://www.openssl.org/news/secadv_20060905.txt ? Thanks & Regards, Santhi.
On Wed, 6 Sep 2006, santhi wrote:> Hi All, > > Is there any impact in OpenSSH build with OpenSSL 0.9.7j as OpenSSL is > affected by the following vulnerability > http://www.openssl.org/news/secadv_20060905.txt ?No, OpenSSH performs its own RSA verification which has always checked that the signature is not overly long. See ssh-rsa.c for details. -d
Possibly Parallel Threads
- [Bug 1201] Bind address information is not specified in command line help messages
- getnameinfo() call and fake-rfc2553.c
- http://www.openssl.org/news/secadv_20060905.txt
- [Bug 1477] New: ssh-keygen not reading stdin as expected
- US "Truth in caller id act"... and it's impact on services