Is OpenSSH compromised by the OpenSSL vulnerabilities?
I've been asked this question a number of times since the OpenSSL
vulnerabilities were anounced and this is what I figured:
- OpenSSH on 32-bit platforms is not vulnerable since it doesn't use
TLS, S/MIME, certificates and/or PKCS#7.
- OpenSSH on 64-bit platforms is vulnerable to the integer string
representation bug.
Comments?
Regards,
-- Raju
--
Raju Mathur raju@kandalaya.org http://kandalaya.org/
It is the mind that moves
I've been asked this question a number of times since the OpenSSL
vulnerabilities were anounced and this is what I figured:
- OpenSSH on 32-bit platforms is not vulnerable since it doesn't use
TLS, S/MIME, certificates and/or PKCS#7.
- OpenSSH on 64-bit platforms is vulnerable to the integer string
representation bug.
Comments?
Regards,
-- Raju
--
Raju Mathur raju@kandalaya.org http://kandalaya.org/
It is the mind that moves