Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

SSH Communications Security Information for VU#973635

Date Notified
Date Modified09/09/2005 02:48:26 PM
Status SummaryVulnerable

Vendor Statement

Affected Productions
  • SSH Secure Shell for Windows Servers (all versions)
  • SSH Tectia Server (Windows) 4.3.1 and older versions

Remediation

1a) Update the SSH Tectia Server For Windows installation to version 4.3.2, or
1b) Manually make the hostkey file readable only for Administrator group. Default location of file may have been modified in server configuration.
However, the default location of the secret part of the host key is
C:\Program Files\SSH Communications Security\SSH Secure Shell Server\hostkey

and optionally in systems, that were upgraded

2) Generate a new hostkey for system. Caution! The changed hostkey causes warning in clients connecting to the system.

US-CERT Addendum

Because the hostkey may have been comprised, we also suggest that you create a new hostkey for the system.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information