Hewlett-Packard Company Not Affected

Updated:  May 29, 2008

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We've been told that "...Tru64 UNIX, although its ssh is *based on* SSH Communications' ssh V3.2.0 (or later) with subsequent security patches, is NOT exposed to this vulnerability. Tru64 UNIX uses SIA authentication. With Tru64 UNIX, the SSH server has already done sia_become_user() by the point that any remote commands are possible."

SSH Communications Security Affected

Updated:  May 14, 2003

Status

Affected

Vendor Statement

Please see http://www.ssh.com/company/newsroom/article/286/.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.