From: Emmanuel E. <ee...@fr...> - 2002-06-27 00:51:14
|
Hello all, I get this info from SuSE secutity mailing list : ISS and the OpenSSH team just released advisories concerning the OpenSSH vulnerability. These advisories state that the vulnerability exists only if the package has been compiled with support for S/Key or BSDAUTH authentication. Inspecting the patches included in the OpenSSH advisory however show that there is a second vulnerability that can be exploited when interactive keyboard mode is enabled (via the PAMAuthenticationViaKbdInt option in sshd_config). Is the Devil-linux version of openssh compiled with these options in 0.5b6 ? and in 0.5rc1 ? Thank you for this great work, i Love DL ! MaNU |
From: Heiko Z. <he...@zu...> - 2002-06-27 02:20:54
|
On Thu, 27 Jun 2002 02:51:48 +0200 "Emmanuel ESCARABAJAL" <ee...@fr...> wrote: > Is the Devil-linux version of openssh compiled with these options in > 0.5b6 ? and in 0.5rc1 ? No. We use none of this options, so you're on the safe side! -- cu Heiko We are Penguin, Resistance is futile! http://www.devil-linux.org |