Date: Tue, 2 Jul 2002 12:44:36 -0400
From: "Peter Brezny" <peter@skyrunner.net>
To: <freebsd-security@freebsd.org>
Subject: Re: CERT Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response
Message-ID: <NEBBIGLHNDFEJMMIEGOOCEHOFCAA.peter@skyrunner.net>

OK, so now that half the freebsd-security list has enlightened me as to what YMMV means and where it came from, I know you guys are reading this list. However, no one bothered to mention why, even though openssh's statement says that freebsd has a problem with the version of ssh out there, FreeBSD actually doesn't.

Could someone please point me to a specific ref. as to why freebsd's implementation of ssh is ok?

I know I'm paranoid.

Thanks.

From: http://openssh.org/txt/preauth.adv

2. Impact:

This bug can be exploited remotely if ChallengeResponseAuthentication is enabled in sshd_config. This option is enabled by default on OpenBSD and other systems.

Affected are at least systems supporting s/key over SSH protocol version 2 (OpenBSD, FreeBSD and NetBSD as well as other systems supporting s/key with SSH). Exploitability of systems using PAMAuthenticationViaKbdInt has not been verified.

Thanks for the help and the enlightening reasons of what YMMV means.

Here's a good one: Your Memory Might Vanish :) (it's: Your Mileage May Vary)

And another with a nice explanation:

YMMV = "your mileage may vary"

A statement often made in advertising by American automobile manufacturers stating that fuel economy in miles/gallon is variable according to driving habits, type of fuel, etc., etc. This has come to mean "I found this to be true, but you may not..."

Thanks again for your help guys!

Peter Brezny
Skyrunner.net

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
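
The advisory text quoted in the message above ties exposure to two sshd_config options. The following is an added example, not part of the original message or the advisory, of a shell check that reports the value sshd would use for each. The function names and sample config are hypothetical, and how unset options are treated is an assumption noted in the comments.

```shell
#!/bin/sh
# Added example (not from the advisory or the original message).

# effective_opt FILE KEYWORD: print the value sshd would use, or "unset".
# sshd takes the first value it reads for a keyword; keywords are
# case-insensitive and may be followed by whitespace or "=".
effective_opt() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "unset" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # drop leading indentation
            if (line == "" || line ~ /^#/) next # blank or comment line
            n = split(line, f, /[ \t=]+/)
            if (n >= 2 && tolower(f[1]) == key) { val = tolower(f[2]); exit }
        }
        END { print val }
    ' "$1"
}

# audit_sshd FILE: print both settings; exit status 1 means "needs review".
# Assumption: an unset ChallengeResponseAuthentication counts as enabled
# (the advisory says it is on by default on OpenBSD and other systems), and
# an unset PAMAuthenticationViaKbdInt counts as off.
audit_sshd() {
    cra=$(effective_opt "$1" ChallengeResponseAuthentication)
    pam=$(effective_opt "$1" PAMAuthenticationViaKbdInt)
    echo "ChallengeResponseAuthentication: $cra"
    echo "PAMAuthenticationViaKbdInt: $pam"
    [ "$cra" = "no" ] && [ "$pam" != "yes" ]
}

# Constructed sample config: the commented-out line is ignored and the
# second, conflicting ChallengeResponseAuthentication line loses.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ChallengeResponseAuthentication no
Protocol 2
challengeresponseauthentication yes
ChallengeResponseAuthentication no
EOF
audit_sshd "$sample" || echo "review $sample: challenge-response may be enabled"
rm -f "$sample"
```

Pointing audit_sshd at the real sshd_config shows whether a commented-out or duplicated line is hiding the setting that actually takes effect.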