Date: Wed, 26 Jun 2002 18:40:57 +0200 (CEST) From: Oliver Fromme <olli@secnetix.de> To: freebsd-security@FreeBSD.ORG Subject: Re: OpenSSH Advisory (was Re: Much ado about nothing.) Message-ID: <200206261640.g5QGevi23040@lurza.secnetix.de> In-Reply-To: <4.3.2.7.2.20020626102338.0227e6a0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Brett Glass <brett@lariat.org> wrote: > At 09:26 AM 6/26/2002, Jacques A. Vidrine wrote: > >I know. I think people reading this list already know my opinion on > >the issue. I'm just happy that it's all out in the open now. > > It would have been much better if it were "all out in the open" next > week It would have been much better if it were "all out in the open" _last_ week. That would have saved me from wasting several hours yesterday upgrading machines to openssh 3.3. Because those boxes were running openssh versions that weren't vulnerable in the first place. And even if they were, disabling challenge-response authentication would have been a workaround for the bug. Theo de Raadt failed to mention any of that in the FUD that he was spreading. (Yes, I'm angry.) Regards Oliver -- Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "All that we see or seem is just a dream within a dream" (E. A. Poe) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206261640.g5QGevi23040>