Date: Thu, 27 Jun 2002 08:20:40 -0400 From: Mark Thomas <thomas@pbegames.com> To: freebsd-security@FreeBSD.ORG Subject: Re: CERT (Was: Re: NUTS! "Much ado about nothing" -- I need a clearer up or down) Message-ID: <5.1.0.14.2.20020627081749.01e19620@pbegames.com> In-Reply-To: <20020627120929.GA33498@palomine.net> References: <20020627065435.A3772@sheol.localdomain> <UqmS8.2068$eH2.1608821@ruti.visi.com> <200206261711.g5QHB9t00396@sheol.localdomain> <xzpr8itxzgm.fsf@flood.ping.uio.no> <20020626210055.A2065@sheol.localdomain> <20020627022949.GA55324@energistic.com> <20020626214957.A2165@sheol.localdomain> <88624007.20020627130948@internethelp.ru> <20020627065435.A3772@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
At 08:09 AM 6/27/02 -0400, Chris Johnson wrote: >On Thu, Jun 27, 2002 at 06:54:35AM -0500, D J Hawkey Jr wrote: > > OpenSSH in RELENG_4_5 (FreeBSD 4.5-RELEASE[-pN]) is OpenSSH_2.9. > > To reiterate, all that has to be done for this version is turn off > > "ChallengeResponseAuthentication". > >The version in RELENG_4_5 does not have this bug, so you don't even have to >turn off ChallengeResponseAuthentication to be safe from this particular >vulnerability. You're safe either way. If you're running older versions be careful. This option may not exist, and hupping a server with this in place can cause it to shut itself down, leaving you with no daemon running. Mark Thomas --- thomas@pbegames.com ----> http://www.pbegames.com/~thomas Play by Electron Games -> http://www.pbegames.com Free Trial Games To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.2.20020627081749.01e19620>