On Thu, 27 Jun 2002, John Summerfield wrote: > > > > > > The 6.2 version is commented out, but the 'no' value is what is commented > > > out.... > > > > > > > According to some folks on Slashdot and Valhalla-list, they think Red > > Hat 7.x is not vulnerable to this exploit because it doesn't appear to > > have used that compile time option. > > > > Can anyone confirm this? > > I don't know just why, but MY 7.3 isn't volnerable. It has > /etc/ssh/sshd_config:ChallengeResponseAuthentication no > > Just why, I don't know - maybe I changed something, maybe it arrived > that way. > > This particular box was installed as 6.2 then upgraded to 7.1 and/or 7.2 > then 7.2 Redhat 6.2 had ChallengeResponseAuthentication = no, but that line is commented out by default. Does anyone from RedHat have any comment on this? -- Craig Kelley -- kellcrai@isu.edu -- This document is rot26-encoded, and protected from being read by the DMCA and all other WIPO treaty nations. http://www.isu.edu/~kellcrai finger ink@inconnu.isu.edu for PGP block _______________________________________________ Redhat-devel-list mailing list Redhat-devel-list@redhat.com https://listman.redhat.com/mailman/listinfo/redhat-devel-list
