In message <073f01c09136$ddc04240$2e58a8c0ffornicario>, =?iso-8859-1?Q?Iv=E1n_
Arce?= writes:
> OpenSSH
> The vulnerability is present in OpenSSH up to version 2.3.0,
> although it is not possible to exploit it due to limits imposed
> on the number of simultaneous connections the server is allowed
> to handle,
This is a confusing way to put it. This attack is not feasible on
OpenSSH. The connection limits takes care of it. If you are running
OpenSSH 2.3.0, you are completely fine.

Niels.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]