Date: Thu, 27 Jun 2002 08:09:29 -0400 From: Chris Johnson <cjohnson@palomine.net> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: CERT (Was: Re: NUTS! "Much ado about nothing" -- I need a clearer up or down) Message-ID: <20020627120929.GA33498@palomine.net> In-Reply-To: <20020627065435.A3772@sheol.localdomain> References: <UqmS8.2068$eH2.1608821@ruti.visi.com> <200206261711.g5QHB9t00396@sheol.localdomain> <xzpr8itxzgm.fsf@flood.ping.uio.no> <20020626210055.A2065@sheol.localdomain> <20020627022949.GA55324@energistic.com> <20020626214957.A2165@sheol.localdomain> <88624007.20020627130948@internethelp.ru> <20020627065435.A3772@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 27, 2002 at 06:54:35AM -0500, D J Hawkey Jr wrote: > OpenSSH in RELENG_4_5 (FreeBSD 4.5-RELEASE[-pN]) is OpenSSH_2.9. > To reiterate, all that has to be done for this version is turn off > "ChallengeResponseAuthentication". The version in RELENG_4_5 does not have this bug, so you don't even have to turn off ChallengeResponseAuthentication to be safe from this particular vulnerability. You're safe either way. That's not to say that it might not be vulnerable in some other way. Chris Johnson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020627120929.GA33498>