Hewlett-Packard Company Information for VU#389665

Multiple vendors' SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization

Status

Affected

Vendor Statement

SOURCE: Hewlett-Packard Company

HP Tru64 UNIX V5.1a or HP OpenVMS systems using SSH V2.4.1 should upgrade to SSH V3.2.

HP has investigated this report and find that our implementations within HP-UX are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.