https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108243#M751702 I bet bugs are there in almost all applications and softwares, they are seen only when someone experiences or sees them.<BR />And if HP hasn't released any newer version or there hasn't been any patch release for security vunerability i am sure you can use the existing version. <BR />Trust HP!!! Mon, 03 Nov 2003 01:17:22 GMT Rajeev Shukla 2003-11-03T01:17:22Z https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108242#M751701 Can any one let me know, if there is any security bug in this latest version of SSH 3.61.002 for HP-UX 11.11 ? I see Open SSH 3.7.1 is the latest and fixed a bug as latest as 19th Sept 2003. Is there any plan of HP to release a depot for 3.7.1 or is it safe to use 3.61.002 for now ? Mon, 03 Nov 2003 01:05:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108242#M751701 GIRIJA SWAIN 2003-11-03T01:05:07Z https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108243#M751702 I bet bugs are there in almost all applications and softwares, they are seen only when someone experiences or sees them.<BR />And if HP hasn't released any newer version or there hasn't been any patch release for security vunerability i am sure you can use the existing version. <BR />Trust HP!!! Mon, 03 Nov 2003 01:17:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108243#M751702 Rajeev Shukla 2003-11-03T01:17:22Z https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108244#M751703 Hi,<BR /><BR />The bug was fixed in HP UX 3.6 version already. Look at this thread :<BR /><BR /><A href="http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=240230" target="_blank">http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=240230</A><BR /><BR />RGDS<BR /><BR />J Mon, 03 Nov 2003 01:51:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108244#M751703 Jerome Henry 2003-11-03T01:51:09Z https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108245#M751704 Thanks for all the reply so far. I am particularly interested to know if the buffer management bug has been fixed in HP's SSH-3.61.002. Open Forume has reported like this:- "OpenSSH 3.7.1 and newer are not vulnerable to "September 16, 2003: OpenSSH Buffer Management bug", OpenSSH Security Advisory and CERT Advisory CA-2003-24." Mon, 03 Nov 2003 02:13:49 GMT https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108245#M751704 GIRIJA SWAIN 2003-11-03T02:13:49Z https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108246#M751705 HP's SSH 3.61.002 does fix one recent buffer overlow bug but there has been another similar bug since. The problem is there is always going to be more bugs found - as soon as you install one version a new bug will be found and you are out of date again, and HP always take a bit more time to package the latest version of SSH into their own product so theyre always going to be 1 or 2 steps behind openssh.<BR /><BR />The only way to keep uptodate is use openssh - but again, as soon as you get around to installing the latest version a new bug will be found. Its a no win situation. <BR /> Mon, 03 Nov 2003 05:59:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108246#M751705 Stefan Farrelly 2003-11-03T05:59:57Z https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108247#M751706 Please see HPSBUX0309-282 security bulletin, or this post:<BR /><BR /><A href="http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=224090" target="_blank">http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=224090</A><BR /><BR />To date, following the instructions in the above bulletin, HP Secure Shell is safe for use.<BR /><BR />Thanks,<BR />Berlene<BR /><BR /><BR /><BR /> Mon, 03 Nov 2003 08:18:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108247#M751706 Berlene Herren 2003-11-03T08:18:51Z https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108248#M751707 Remember the old saying<BR /> <BR />"all sofware contains at least one bug and can be reduced by at least one instruction"<BR /> <BR />This means, of course, that all software can be reduced to one intruction that doesn't work. Mon, 03 Nov 2003 08:30:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/is-ssh-3-61-002-for-hp-ux-secure/m-p/3108248#M751707 Mark Grant 2003-11-03T08:30:07Z