No subject
Thu Apr 25 10:42:02 EDT 2019
---
DDDD David Kramer http://thekramers.net
DK KD "In a time of drastic change it is the learners who inherit
DKK D the future. The learned usually find themselves equipped to
DK KD live in a world that no longer exists."
DDDD - Eric Hoffer (1902-1983)
---------- Forwarded message ----------
Date: Wed, 26 Jun 2002 13:21:12 -0500 (CDT)
Reply-To: redhat-list at redhat.com
To: redhat-list at redhat.com
Subject: [REDHAT] Re: OpenSSH bug workaround *NOT NEEDED*
On 26 Jun 2002, Gordon Messmer wrote:
> On Wed, 2002-06-26 at 09:05, M A Young wrote:
> > In case people haven't seen it, according to
> > http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584
> > You can secure your system from the recent ssh security hole by turning
> > off "challenge-response" authentication and restarting sshd.
>
> Reviewing the announcement, I wonder if this affects Red Hat's OpenSSH
> at all... The output of the configure process indicates positively that
> the affected BSD Auth and S/KEY authentication mechanisms are not
> available (see below), and connecting to a RHL machine with 'ssh -v'
> does not indicate that any challenge-response authentication mechanisms
> are available.
The "bug" does not appear to affect Redhat supplied OpenSSH, neither S/KEY
not BSD Auth is configured.
Gordon is correct as far as I can tell, THERE IS NO VUNLERABILITY for
Redhat supplied OpenSSH for this particular issue. There is NO NEED to
upgrade yet. I've heard of at least one possible hole in the 3.3 version
(sorry, lost the link) so don't upgrade blindly.
I haven't grabbed a SRPM yet to absolutely verify this, but I will do so
and I would expect an announcement from Redhat soon as well.
Later,
Bill Carlson
--
Systems Programmer wcarlson at vh.org | Anything is possible,
Virtual Hospital http://www.vh.org/ | given time and money.
University of Iowa Hospitals and Clinics |
Opinions are mine, not my employer's. |
_______________________________________________
Redhat-list mailing list
Redhat-list at redhat.com
https://listman.redhat.com/mailman/listinfo/redhat-list
More information about the Discuss
mailing list