S at msmith.net
Fri Feb 22 11:31:00 GMT 2002
On Fri, 22 Feb 2002, Kevin O'Connor wrote:
> > On Fri, 22 Feb 2002, Kevin O'Connor wrote:
> > > Why would anyone still be running SSH1? Implementations of SSH2 that
> > > fall back on SSH1 for clients that cannot connect using SSH2 should be
> > > removed from servers to prevent a known security hole.
> > > http://www.cert.org/advisories/CA-2001-35.html
> > Wouldn't it just be easier to upgrade the server to a non-vulnerable
> > version?
> There is no such thing as a non-vulnerable version of SSH1. If there
> was, the problem with fallback in SSH2 would not exist.
You may want to read the whole of the following thread in the ssh
list archives: http://marc.theaimsgroup.com/?t=101259053300001&r=1&w=2
Consulting: If You're Not Part of the Solution, There's Good Money to
be Made in Prolonging the Problem.
More information about the Ukfreebsd