Re: CERT (Was: Re: NUTS! "Much ado about nothing" -- I need a clearer up or down)
From: Mark Thomas (thomas@pbegames.com)
Date: 06/27/02
- Next message: Dag-Erling Smorgrav: "Re: Another one?"
- Previous message: Chris Johnson: "Re: CERT (Was: Re: NUTS! "Much ado about nothing" -- I need a clearer up or down)"
- In reply to: Chris Johnson: "Re: CERT (Was: Re: NUTS! "Much ado about nothing" -- I need a clearer up or down)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Jun 2002 08:20:40 -0400 To: freebsd-security@FreeBSD.ORG From: Mark Thomas <thomas@pbegames.com>
At 08:09 AM 6/27/02 -0400, Chris Johnson wrote:
>On Thu, Jun 27, 2002 at 06:54:35AM -0500, D J Hawkey Jr wrote:
> > OpenSSH in RELENG_4_5 (FreeBSD 4.5-RELEASE[-pN]) is OpenSSH_2.9.
> > To reiterate, all that has to be done for this version is turn off
> > "ChallengeResponseAuthentication".
>
>The version in RELENG_4_5 does not have this bug, so you don't even have to
>turn off ChallengeResponseAuthentication to be safe from this particular
>vulnerability. You're safe either way.
If you're running older versions be careful. This option may not exist, and
hupping a server with this in place can cause it to shut itself down,
leaving you with no daemon running.
Mark Thomas
--- thomas@pbegames.com ----> http://www.pbegames.com/~thomas Play by Electron Games -> http://www.pbegames.com Free Trial Games To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Dag-Erling Smorgrav: "Re: Another one?"
- Previous message: Chris Johnson: "Re: CERT (Was: Re: NUTS! "Much ado about nothing" -- I need a clearer up or down)"
- In reply to: Chris Johnson: "Re: CERT (Was: Re: NUTS! "Much ado about nothing" -- I need a clearer up or down)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
