 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
--- DDDD David Kramer http://thekramers.net DK KD "In a time of drastic change it is the learners who inherit DKK D the future. The learned usually find themselves equipped to DK KD live in a world that no longer exists." DDDD - Eric Hoffer (1902-1983) ---------- Forwarded message ---------- Date: Wed, 26 Jun 2002 13:21:12 -0500 (CDT) Reply-To: redhat-list at redhat.com To: redhat-list at redhat.com Subject: [REDHAT] Re: OpenSSH bug workaround *NOT NEEDED* On 26 Jun 2002, Gordon Messmer wrote: > On Wed, 2002-06-26 at 09:05, M A Young wrote: > > In case people haven't seen it, according to > > http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584 > > You can secure your system from the recent ssh security hole by turning > > off "challenge-response" authentication and restarting sshd. > > Reviewing the announcement, I wonder if this affects Red Hat's OpenSSH > at all... The output of the configure process indicates positively that > the affected BSD Auth and S/KEY authentication mechanisms are not > available (see below), and connecting to a RHL machine with 'ssh -v' > does not indicate that any challenge-response authentication mechanisms > are available. The "bug" does not appear to affect Redhat supplied OpenSSH, neither S/KEY not BSD Auth is configured. Gordon is correct as far as I can tell, THERE IS NO VUNLERABILITY for Redhat supplied OpenSSH for this particular issue. There is NO NEED to upgrade yet. I've heard of at least one possible hole in the 3.3 version (sorry, lost the link) so don't upgrade blindly. I haven't grabbed a SRPM yet to absolutely verify this, but I will do so and I would expect an announcement from Redhat soon as well. Later, Bill Carlson -- Systems Programmer wcarlson at vh.org | Anything is possible, Virtual Hospital http://www.vh.org/ | given time and money. University of Iowa Hospitals and Clinics | Opinions are mine, not my employer's. | _______________________________________________ Redhat-list mailing list Redhat-list at redhat.com https://listman.redhat.com/mailman/listinfo/redhat-list
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
