Current workaround (tempfix) is: 1) Locate the "ChallengeResponseAuthentication" line in /etc/ssh/sshd_config (typically) change to :
ChallengeResponseAuthentication no 2) Backup sshd.lrp 3) Restart sshd if running as daemon. (Full information on the mutiple short-term fixes updated on 06/26/2002) http://www.bsdforums.org/forums/showthread.php?threadid=1539 Steve Sobka [EMAIL PROTECTED] ----- Original Message ----- From: "Mike Noyes" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 27, 2002 6:41 AM Subject: Re: [leaf-user] SSHD Flaw > On Thu, 2002-06-27 at 04:33, Philippe Lepot wrote: > > If any of you is running SSHD open to the Internet, a security flaw has been > > made public two days ago: > > http://www.securityspace.com/smysecure/catid.html?id=11031 > > Philippe, > The vulnerability details weren't released until yesterday (26 June). We > will have a new package based on OpenSSH 3.4 available in the near > future. > > ref. Re: [Leaf-devel] OpenSSH security > http://www.mail-archive.com/leaf-devel%40lists.sourceforge.net/msg05052.html > > -- > Mike Noyes <[EMAIL PROTECTED]> > http://sourceforge.net/users/mhnoyes/ > http://leaf-project.org/ > > > > ------------------------------------------------------- > Sponsored by: > ThinkGeek at http://www.ThinkGeek.com/ > ------------------------------------------------------------------------ > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > ------------------------------------------------------- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html