Question regarding the recent OpenSSH security vulnerabilities.
From: Akop Pogosian (akopps+usenet@ocf.berkeley.edu)Date: 06/27/02
- Next message: Mike Iglesias: "Re: Upcoming OpenSSH vulnerability"
- Previous message: steve s.: "Re: Upcoming OpenSSH vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Akop Pogosian <akopps+usenet@ocf.berkeley.edu> Date: Wed, 26 Jun 2002 22:28:05 +0000 (UTC)
Today's ISS Advisory about OpenSSH Remote Challenge Vulnerability they
say at some point:
"OpenSSH supports the SKEY and BSD_AUTH authentication options. These
are compile-time options. At least one of these options must be
enabled before the OpenSSH binaries are compiled for the vulnerable
condition to be present."
Since neither BSD_AUTH nor SKEY options are enabled by default when
compiling openssh-3.1p1 on Solaris and possibly other operating
systems, it seems to me that the default install of openssh-3.1p1 on
non-*BSD operating system is not vulnerable to this problem. Am I
correct here? I also downloaded and checked the openssh SRPM for
RedHat Linux 7.2 and it does not seem to enable those options either.
-- Akop PogosianThis space has been accidentally left blank.
- Next message: Mike Iglesias: "Re: Upcoming OpenSSH vulnerability"
- Previous message: steve s.: "Re: Upcoming OpenSSH vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
