APM: Critical Exploit

[Hrunting]

On Wed, 26 Jun 2002, Dennis Moore wrote:

: On Wed, Jun 26, 2002 at 10:57:16AM -0500, Wayne Walker wrote:
: > OK,
: > There is a critical exploit in ssh.  I don't know details, I heard it as
: > a rumor yesterday.
: 
: openssh, actually.
: http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584
: 
: openbsd finally had to change their motto!

You don't need to update your openssh, as far as I can tell.  You just
need to turn off ChallengeResponseAuthentication
(ChallengeResponseAuthentication no).  As long as that's not enabled,
you're cool.  OpenBSD had it enabled by default (as do must SSH
installations).