Re: CERT (Was: Re: NUTS! "Much ado about nothing" -- I need a clearer up or down)

From: Mark Thomas (
Date: 06/27/02

Date: Thu, 27 Jun 2002 08:20:40 -0400
To: freebsd-security@FreeBSD.ORG
From: Mark Thomas <>

At 08:09 AM 6/27/02 -0400, Chris Johnson wrote:
>On Thu, Jun 27, 2002 at 06:54:35AM -0500, D J Hawkey Jr wrote:
> > OpenSSH in RELENG_4_5 (FreeBSD 4.5-RELEASE[-pN]) is OpenSSH_2.9.
> > To reiterate, all that has to be done for this version is turn off
> > "ChallengeResponseAuthentication".
>The version in RELENG_4_5 does not have this bug, so you don't even have to
>turn off ChallengeResponseAuthentication to be safe from this particular
>vulnerability. You're safe either way.

If you're running older versions be careful. This option may not exist, and
hupping a server with this in place can cause it to shut itself down,
leaving you with no daemon running.

Mark Thomas

--- ---->
Play by Electron Games -> Free Trial Games
To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message