Re: [LUG] ISS Advisory: OpenSSH Remote Challenge Vulnerability

To: list@xxxxxxxxxxxx
Subject: Re: [LUG] ISS Advisory: OpenSSH Remote Challenge Vulnerability
From: Simon Waters <Simon@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 26 Jun 2002 17:47:03 +0100
Reply-to: list@xxxxxxxxxxxx

Theo Zourzouvillys wrote:


so it turns out if you have ChallengeResponseAuthentication set to no, SSH
ain't vunrable


Grr - that'll do as a fix on the other machine till Mandrake
catch up.

I'm curious though - shutting down unused authentication
mechanism sounds a good idea - but I don't want to become too
much of a OpenSSH guru to secure it.

Anyone seen a good explanation?

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.

References:
- [LUG] ISS Advisory: OpenSSH Remote Challenge Vulnerability
  - From: Theo Zourzouvillys

Prev by Date: Re: [LUG] Idle chatter Re: my spelling sucks like openssh 3.3p1 (Re: openssh 3.3p1 sucks badly Re: [LUG] OpenSSH Vunrability)
Next by Date: Re: Mail Issues (was [LUG] OpenSSH Vunrability)
Previous by thread: [LUG] ISS Advisory: OpenSSH Remote Challenge Vulnerability
Next by thread: Re: [LUG] ISS Advisory: OpenSSH Remote Challenge Vulnerability
Index(es):
- Date
- Thread

Lynx friendly