15 Apr
2014
15 Apr
'14
8:18 a.m.
On Tue, 15 Apr 2014, Liam Proven wrote:
On 15 April 2014 15:46, Paul Koning <paulkoning at
comcast.net> wrote:
Process Software offers TCPware for OpenVMS, which includes SSH. Their
web page states:
"Process Software's products including MultiNet, TCPware, PMDF,
PreciseMail, VAM, and SSH-UCX are NOT vulnerable to this attack. These
products do not use the versions of OpenSSL open to attack. No patches or
configuration changes are required to secure any version of these
products."
http://www.process.com/psc/service-support/process-software-products-not-vu…
Mike Loewen mloewen at cpumagic.scol.pa.us
Old Technology http://sturgeon.css.psu.edu/~mloewen/Oldtech/
The documentation about the issue makes it clear
that it exists in OpenSSL 1.0.1x for x < 'g' and 1.0.2y for some y I don't
remember. It does not exist in OpenSSL 1.0.0 or earlier. So you can look at the version
in those platforms and find the answer.
If you have a bad version, you can upgrade to a good one, or turn off the bug by
recompiling with a preprocessor definition that turns off the offending code.
Yes, but OpenSSL doesn't run on VMS, does it? As VMS predates ssh by
about 20 years or so (SSH 1.0 1995) and VMS doesn't have many FOSS or
GPL bits AFAIK.