From: Ralph Huntington
To: Benjamin Krueger
Date: Wed, 26 Jun 2002 10:54:53 -0400 (EDT)
Subject: Re: Much ado about nothing.
In-Reply-To: <20020626072326.A4270@mail.seattleFenix.net>
Message-ID: <20020626105132.E41820-100000@mohegan.mohawk.net>
Sender: owner-freebsd-security@FreeBSD.ORG

From: http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584

=====================================================================
Administrators can remove this vulnerability [in sshd] by disabling
the Challenge-Response authentication parameter within the OpenSSH
daemon configuration file. To disable this parameter, locate the
corresponding line [in the sshd config file] and change it to the line
below [or add the line presumably]:

ChallengeResponseAuthentication no

This workaround will permanently remove the vulnerability.
=====================================================================

Hoping someone can/will confirm the above...

-=r=-
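
Added example, not part of the original message or the ISS advisory: a shell check that reports which ChallengeResponseAuthentication value a given sshd config file actually yields, covering the "change it or add the line" question raised above. It assumes sshd uses the first value it obtains for a keyword, that keywords are case-insensitive, and that the option is "yes" when the file never sets it; the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: report the effective ChallengeResponseAuthentication value.
# Assumptions: first obtained value wins, keywords are case-insensitive,
# and the option defaults to "yes" when no active line sets it.

effective_cra() {
    # $1 = path to an sshd config file
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # strip leading whitespace
            if (line == "" || line ~ /^#/) next   # blank or commented out
            split(line, f, /[ \t=]+/)             # keyword, then argument
            if (tolower(f[1]) == "challengeresponseauthentication") {
                print f[2]
                found = 1
                exit                              # first active line decides
            }
        }
        END { if (!found) print "yes" }           # assumed default
    ' "$1"
}

# Constructed sample configs (not taken from any real host).
make_samples() {
    d=$(mktemp -d) || return 1
    # fixed: the workaround line is the first active setting
    printf '%s\n' 'Port 22' 'ChallengeResponseAuthentication no' > "$d/fixed.conf"
    # commented: the line is present but commented out, so the default applies
    printf '%s\n' '#ChallengeResponseAuthentication no' > "$d/commented.conf"
    # appended: "no" added at the end, after an earlier active "yes"
    printf '%s\n' 'challengeresponseauthentication yes' \
        'ChallengeResponseAuthentication no' > "$d/appended.conf"
    echo "$d"
}

samples=$(make_samples)
for name in fixed commented appended; do
    printf '%-10s %s\n' "$name" "$(effective_cra "$samples/$name.conf")"
done
rm -rf "$samples"
```

After editing the real configuration file, sshd has to re-read it before the change takes effect.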