Re: CVE-2014-1692

<no_spam_98 <at> yahoo.com> writes:
> 
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1692
> 
> The NIST advisory says that all versions of OpenSSH potentially contain
> the flaw.  But is that really true?  For example, I looked at the
> 3.8.1p1 distribution and didn't find any reference to JPAKE at all.

Hi. The NVD advisory is inaccurate. JPAKE experimental code was
first introduced in OpenSSH 5.2, iirc.

Also, the advisory should be taken with a grain of salt as the
vulnerable code is not activated without pro-active user code
modification.

--mancha


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




