APM: Critical Exploit

Hrunting hrunting at texas.net
Thu Jun 27 09:10:45 CDT 2002

On Wed, 26 Jun 2002, Dennis Moore wrote:

: On Wed, Jun 26, 2002 at 10:57:16AM -0500, Wayne Walker wrote:
: > OK,
: > There is a critical exploit in ssh.  I don't know details, I heard it as
: > a rumor yesterday.
: openssh, actually.
: http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584
: openbsd finally had to change their motto!

You don't need to update your openssh, as far as I can tell.  You just
need to turn off ChallengeResponseAuthentication
(ChallengeResponseAuthentication no).  As long as that's not enabled,
you're cool.  OpenBSD had it enabled by default (as do must SSH

More information about the Austin mailing list