Manuel Bouyer <bouyer@antioche.lip6.fr> writes:

> On Sat, Dec 08, 2001 at 05:48:48PM -2800, Brady Owens wrote:
> > If I'm not mistaken, if you are running NetBSD 1.5.2 then you don't have 
> > anything to worry cause it has OpenSSH 2.5.1 packaged with it, which has this 
> > vulnerability fixed.  Correct?
> 
> Yes.

Even when fallback to version 1 protocol is enabled? (The CERT bulletin
suggests you're still vulnerable if that is the case.)

I recall seeing a message float by during my rc that says protocol ver
2 was disabled because I'm missing a file or something. Up until now I
hadn't heard that there was a security risk with ver 1, and everything
was working for me, so I never took the time to eliminate the message.

(I'm running a fairly recent -current)