
Re: Fw: ISS Advisory: OpenSSH Remote Challenge Vulnerability



On Thu, 27 Jun 2002, Jason Lim wrote:

> Do you all know how Debian's progress is regarding this? We are starting

Debian already released an announcement and made new packages available for
upgrading OpenSSH for UsePrivilegeSeparation support. I assume that
security.debian.org will have the new 3.4 soon.

> > ChallengeResponseAuthentication no

It is interesting to note that it appears that the ssh 1.2.3-9.4 used with
stable wasn't even vulnerable. (But I guess it is a good idea to have a
chrooted, unprivileged child process to deal with the ssh connection
before authentication.)

  Jeremy C. Reed
....................................................
     BSD software, documentation, resources, news...
     http://bsd.reedmedia.net/
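
An added example, not part of the original message: a small audit of an sshd_config for the two settings named in this thread, `ChallengeResponseAuthentication no` and `UsePrivilegeSeparation`. It assumes sshd's first-occurrence-wins rule for repeated keywords; the function names and the sample config are constructed for illustration.

```python
import re

# The two settings named in this thread, with the value each mitigation wants.
WANTED = {
    "challengeresponseauthentication": "no",
    "useprivilegeseparation": "yes",
}

def effective_settings(config_text):
    """Return {keyword: value} for the wanted keywords; first occurrence wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never set a value
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key in WANTED and key not in seen:
            seen[key] = value.lower()
    return seen

def audit(config_text):
    """Return [(keyword, status)], status being 'ok', 'weak' or 'unset'.
    'unset' means the installed version's built-in default applies."""
    seen = effective_settings(config_text)
    report = []
    for key, wanted in WANTED.items():
        if key not in seen:
            report.append((key, "unset"))
        else:
            report.append((key, "ok" if seen[key] == wanted else "weak"))
    return report

# Constructed sample: the commented-out line is ignored, and the later
# "no" does not override the earlier active "yes".
SAMPLE = """\
Port 22
#ChallengeResponseAuthentication no
challengeresponseauthentication yes
ChallengeResponseAuthentication no
UsePrivilegeSeparation yes
"""

if __name__ == "__main__":
    for key, status in audit(SAMPLE):
        print(f"{key}: {status}")
```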

