Re: [LUG] ISS Advisory: OpenSSH Remote Challenge Vulnerability

To: list@xxxxxxxxxxxx
Subject: Re: [LUG] ISS Advisory: OpenSSH Remote Challenge Vulnerability
From: Simon Waters <Simon@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 27 Jun 2002 14:02:04 +0100
Reply-to: list@xxxxxxxxxxxx

Adrian Midgley wrote:


SuSE report that their version does not have the relevant (holey)
authentication method compiled in as standard, so OK for this one.  Good.

Anyone know about SUN Cobalt Raq Linux yet?


I think the HP-UX advisory sums it up nicely, "disable
challengeResponse, disable KeyboardIntAuth, and await 3.4" sums
up the approach nicely, now if they had said that at first Zozo
could have got more sleep this week, he always sounds like he
needs more.

Oh and a mod_ssl bug in Apache made it to BugTraq - only
relevant to people who share Apache instances between clients if
I read it right - it never rains but it pours.

Perhaps Theo will give me a job patching things.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.

Re: [LUG] ISS Advisory: OpenSSH Remote Challenge Vulnerability
- From: Theo Zourzouvillys

References:
- [LUG] ISS Advisory: OpenSSH Remote Challenge Vulnerability
  - From: Theo Zourzouvillys
- Re: [LUG] ISS Advisory: OpenSSH Remote Challenge Vulnerability
  - From: Adrian Midgley

Prev by Date: Re: [LUG] Dr Midgley
Next by Date: Re: [LUG] Dr Midgley
Previous by thread: Re: [LUG] ISS Advisory: OpenSSH Remote Challenge Vulnerability
Next by thread: Re: [LUG] ISS Advisory: OpenSSH Remote Challenge Vulnerability
Index(es):
- Date
- Thread

Lynx friendly