Security Vulnerability in SSHd

Michael Gretton · ‎07-25-2001

I work for the Government and have heard about a security vulnerability in SSH if you are using password authentication. Accounts that are disabled can be exploited. I have been told to upgrade my SSH to 3.0.1. Has HP addressed this vulnerability? Is there a newer version of SSH for HP 10.20 and 11 out there? Or should I just buy it from SSH?

paul courry · ‎07-25-2001

The following website has a good article on it:

http://www.theregister.co.uk/content/55/20594.html

Yes, HPUX *is* vulnerable, however, there is a workaround, go see the article.

Chris Calabrese · ‎07-25-2001

Some background here...
1. HP doesn't ship ssh, so there's no reason to expect them to address this issue.
2. The problem affects both all products from SSH Communications and F-Secure starting with 2.0.
3. The problem does not affect OpenSSH or SSH 1.x.

Brainbench MVP for Unix Administration and Internet Security, SANS Review Editor, and Center for Internet Security HP-UX Benchmark project leader

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

** Security Vulnerability in SSHd **