OpenSSH Security Advisory (adv.iss)

Bob Van Cleef vancleef at microunity.com
Thu Jun 27 09:48:05 EST 2002


On 27 Jun 2002, Damien Miller wrote:

> On Thu, 2002-06-27 at 03:44, Bob Van Cleef wrote:
> > Question:  If ChallengeResponseAuthentication is set to 'no' in
> > sshd_config, can the bug be exploited in OpenSSH_3.1p1?  
> 
> No, but there are other fixes so you should upgrade anyway.
> 
> -d
> 

Thanks

Unfortunately my SunOS 4.1.4 build is having severe problems.  Tons of
redefines and problems with _memmove.  Most likely all related to the age
of the compiler ( 2.7.2 ).

I'll disable that stuff until I can get a working build.  Sigh... one
day I will retire those beasts. /grin

Bob




More information about the openssh-unix-dev mailing list