Subject: Re: ssh worries
To: Laine Stump <lainestump@rcn.com>
From: Diana Eichert <deichert@wrench.com>
List: netbsd-help
Date: 12/07/2001 13:55:53

If you can run sshV2 it would be better; however, the crc32 exploit was
removed as of OpenSSH 2.3.0.

On 7 Dec 2001, Laine Stump wrote:

> Manuel Bouyer <bouyer@antioche.lip6.fr> writes:
> 
> > On Sat, Dec 08, 2001 at 05:48:48PM -2800, Brady Owens wrote:
> > > If I'm not mistaken, if you are running NetBSD 1.5.2 then you don't have
> > > anything to worry about because it has OpenSSH 2.5.1 packaged with it, which has this
> > > vulnerability fixed.  Correct?
> > 
> > Yes.
> 
> Even when fallback to version 1 protocol is enabled? (The CERT bulletin
> suggests you're still vulnerable if that is the case.)
> 
> I recall seeing a message float by during my rc that says protocol ver
> 2 was disabled because I'm missing a file or something. Up until now I
> hadn't heard that there was a security risk with ver 1, and everything
> was working for me, so I never took the time to eliminate the message.
> 
> (I'm running a fairly recent -current)
> 



diana eichert

"They that can give up liberty to obtain
        a little temporary safety deserve
                neither liberty nor safety"

Benjamin Franklin
1706-1790

For PGP Public key
http://www.swcp.com/~deichert/pgp_public_key.txt