Description
The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities.
Affected products
- Apple / mac_os_x10.6.6 – 10.6.6
- Apple / mac_os_x10.6.0 – 10.6.0
- Apple / mac_os_x10.6.1 – 10.6.1
- Apple / mac_os_x10.6.2 – 10.6.2
- Apple / mac_os_x10.6.3 – 10.6.3
- Apple / mac_os_x10.6.4 – 10.6.4
- Apple / mac_os_x10.6.5 – 10.6.5
- Apple / mac_os_x_server10.6.6 – 10.6.6
- Apple / mac_os_x_server10.6.0 – 10.6.0
- Apple / mac_os_x_server10.6.1 – 10.6.1
- Apple / mac_os_x_server10.6.2 – 10.6.2
- Apple / mac_os_x_server10.6.3 – 10.6.3
- Apple / mac_os_x_server10.6.4 – 10.6.4
- Apple / mac_os_x_server10.6.5 – 10.6.5
- Apple / terminal
References
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
- VENDOR_ADVISORYhttp://support.apple.com/kb/HT4581