Netscreen ssh v.1 vulnerable??

From: Brian G. Kirsch (bkirsch@olosec.com)
Date: Fri May 24 2002 - 15:12:49 EDT

• Next message: Vladimir Parkhaev: "Re: Netscreen ssh v.1 vulnerable??"
• Previous message: Tomás F. Serna: "RV: [NGSEC] ngGame #1 - Web Authentication"
• Next in thread: Vladimir Parkhaev: "Re: Netscreen ssh v.1 vulnerable??"
• Reply: Vladimir Parkhaev: "Re: Netscreen ssh v.1 vulnerable??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

In testing a Netscreen 5, I noticed that ssh v.1 compatibility is enabled
for remote management. The question is, is Netscreen vulnerable to the
various ssh v.1 vulnerabilities -- specifically the SSH1 CRC-32 compensation
attack detector vulnerability?

Thanks.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Vladimir Parkhaev: "Re: Netscreen ssh v.1 vulnerable??"
• Previous message: Tomás F. Serna: "RV: [NGSEC] ngGame #1 - Web Authentication"
• Next in thread: Vladimir Parkhaev: "Re: Netscreen ssh v.1 vulnerable??"
• Reply: Vladimir Parkhaev: "Re: Netscreen ssh v.1 vulnerable??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:21 EDT