SSH 1.2.x vulnerability

[Karel Volejnik]

Dobry den,
k problemu ssh je zajimava zprava ve firewall mailing listu:

Mike Batchelor wrote:

> Seeing all the posts about ssh-gw here, I thought you may all want to
> know that a CERT advisory is out on ssh v1.2.x, due to a buffer
> overrun vulnerability in the logging functions.

This is incorrect.  There is no such CERT advisory, and according to the

IBM-ERS as well as the SSH team, this has been a false alarm.  Please
see
the PGP-signed statement from IBM, at

  http://www.ssh.fi/sshprotocols2/ibmers_message.txt

as well as the statements from the SSH team, at

  http://www.ssh.fi/sshprotocols2/rootshell.html