From: Vladimir Parkhaev (vladimir@NoSPAMPLZ.arobas.net)
Date: Fri May 24 2002 - 21:00:52 EDT
Quoting Brian G. Kirsch (bkirsch@olosec.com):
> In testing a Netscreen 5, I noticed that ssh v.1 compatibility is enabled
> for remote management. The question is, is Netscreen vulnerable to the
> various ssh v.1 vulnerabilities -- specifically the SSH1 CRC-32 compensation
> attack detector vulnerability?
>
> Thanks.
According to Netscreen it is not. At least that what they said
when that CRC-32 compensation thing first came out... I am sure
you can find it somewhere on www.netscreen.com
If 'manage ssh' is enabled on the untrusted interface you
can try password guessing... Defaults are netscreen/netscreen :)
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:21 EDT