Is there a fix available for CAN-2003-0190
Darren Tucker
dtucker at zip.com.au
Tue Dec 21 22:28:23 EST 2004
Logu wrote:
> Is there a fix available from OpenSSH for the reported vulnerability
> when PAM is enabled?
> http://www.securityfocus.com/bid/11781
You will need to apply both patches. The first patch
(openbsd-sshd-kbdint-leak) affects more than PAM; it affects all other
challenge-response authentications too, so it needs wider testing.
Alternatively, for 3.9p1 set "ChallengeResponseAuthentication no" and
"PasswordAuthentication yes" in sshd_config (and restart sshd, obviously).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openbsd-sshd-kbdint-leak.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20041221/937fca15/attachment.ksh
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-pam-kbdint-leak.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20041221/937fca15/attachment-0001.ksh
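
A way to confirm that the sshd_config workaround described in the message is actually in effect, as an added example (not part of the original post and not OpenSSH code). The function names are hypothetical. It relies on sshd_config keywords being case-insensitive with the first occurrence winning, and on the documented default of "yes" for both keywords.

```shell
#!/bin/sh
# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would use for KEYWORD: the first uncommented
# occurrence in FILE (keywords are case-insensitive), else DEFAULT.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        /^[ \t]*#/ { next }                      # whole-line comment
        { gsub(/=/, " ") }                       # tolerate "Keyword=value"
        NF >= 2 && tolower($1) == want { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# workaround_active FILE
# Succeeds only if both settings named in the message hold:
# ChallengeResponseAuthentication no, PasswordAuthentication yes.
# The "yes" defaults are those documented in sshd_config(5).
workaround_active() {
    cra=$(effective_value "$1" ChallengeResponseAuthentication yes)
    pw=$(effective_value "$1" PasswordAuthentication yes)
    [ "$cra" = "no" ] && [ "$pw" = "yes" ]
}

# Constructed sample: an active "yes" line precedes a later "no", so the
# later line has no effect and the workaround is NOT in place.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
#ChallengeResponseAuthentication no
challengeresponseauthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication yes
EOF
if workaround_active "$demo_cfg"; then
    echo "workaround active"
else
    echo "workaround NOT active: ChallengeResponseAuthentication=$(effective_value "$demo_cfg" ChallengeResponseAuthentication yes)"
fi
rm -f "$demo_cfg"
```

A commented-out line or a line shadowed by an earlier occurrence does not apply the workaround, and sshd must still be restarted after the file is changed.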