I get this info from SuSE secutity mailing list :
ISS and the OpenSSH team just released advisories concerning the
OpenSSH vulnerability. These advisories state that the vulnerability
exists only if the package has been compiled with support for S/Key
or BSDAUTH authentication. Inspecting the patches included in the
OpenSSH advisory however show that there is a second vulnerability that
can be exploited when interactive keyboard mode is enabled (via the
PAMAuthenticationViaKbdInt option in sshd_config).
Is the Devil-linux version of openssh compiled with these options in
0.5b6 ? and in 0.5rc1 ?
Thank you for this great work, i Love DL !
On Thu, 27 Jun 2002 02:51:48 +0200
"Emmanuel ESCARABAJAL" <eescar@...> wrote:
> Is the Devil-linux version of openssh compiled with these options in
> 0.5b6 ? and in 0.5rc1 ?
We use none of this options, so you're on the safe side!
We are Penguin, Resistance is futile!
Get latest updates about Open Source Projects, Conferences and News.