<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=UTF-16">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-16">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.0.6396.0">
<TITLE>Re: new openssh issue</TITLE>
</HEAD><BODY ><DIV>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>On Tue, 16 Sep 2003 15:33:03 EDT, Richard A Steenbergen said:</FONT>
</P>
<P><FONT SIZE=2>> > patched, but does anybody know whether there's a problem with the </FONT>
<BR><FONT SIZE=2>> > criscos? (as in "how do I configure my router for that?" ;-)</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Or better yet, the OpenSSH running on Junipers? Nothing on Juniper's site </FONT>
<BR><FONT SIZE=2>> about a vulnerability so far.</FONT>
</P>
<P><FONT SIZE=2>A posting to full-disclosure quotes Theo as saying HP and Cisco are affected,</FONT>
<BR><FONT SIZE=2>and I don't see any reason that Juniper would *NOT* be, given the common code</FONT>
<BR><FONT SIZE=2>base of the OpenSSH implementations. I'm not going to say the routers are</FONT>
<BR><FONT SIZE=2>vulnerable, but I *would* say that ACLs blocking port 22 to the router might</FONT>
<BR><FONT SIZE=2>be a good idea.....</FONT>
</P>
</DIV>
<P> </P></BODY></HTML>