On 26 Jun 2002, Warren Togami wrote:
> On Wed, 2002-06-26 at 09:52, Craig Kelley wrote:
> > On Wed, 26 Jun 2002, Dan Hollis wrote:
> >
> > > On Wed, 26 Jun 2002, Craig Kelley wrote:
> > > > I know you're all probably aware of this by now, but a serious hole is in
> > > > all versions of OpenSSH
Craig Kelley ([EMAIL PROTECTED]) said:
> Redhat 6.2 had ChallengeResponseAuthentication = no, but that line is
> commented out by default.
>
> Does anyone from RedHat have any comment on this?
Red Hat never shipped OpenSSH in Red Hat Linux 6.2 (or earlier.)
Bill
___
On Thu, 27 Jun 2002, John Summerfield wrote:
>
> >
> > > The 6.2 version is commented out, but the 'no' value is what is commented
> > > out
> > >
> >
> > According to some folks on Slashdot and Valhalla-list, they think Red
> > Hat 7.x is not vulnerable to this exploit because it doesn
>
> > The 6.2 version is commented out, but the 'no' value is what is commented
> > out
> >
>
> According to some folks on Slashdot and Valhalla-list, they think Red
> Hat 7.x is not vulnerable to this exploit because it doesn't appear to
> have used that compile time option.
>
> Can an
On Wed, 2002-06-26 at 09:52, Craig Kelley wrote:
> On Wed, 26 Jun 2002, Dan Hollis wrote:
>
> > On Wed, 26 Jun 2002, Craig Kelley wrote:
> > > I know you're all probably aware of this by now, but a serious hole is in
> > > all versions of OpenSSH shipped with all versions of RedHat:
> > > http
On Wed, 26 Jun 2002, Dan Hollis wrote:
> On Wed, 26 Jun 2002, Craig Kelley wrote:
> > I know you're all probably aware of this by now, but a serious hole is in
> > all versions of OpenSSH shipped with all versions of RedHat:
> > http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-
On Wed, 26 Jun 2002, James Olin Oden wrote:
> >
> >
> > I know you're all probably aware of this by now, but a serious hole is in
> > all versions of OpenSSH shipped with all versions of RedHat:
> >
> > http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0
> This was, acc
On Wed, 26 Jun 2002, Dan Hollis wrote:
> On Wed, 26 Jun 2002, Craig Kelley wrote:
> > I know you're all probably aware of this by now, but a serious hole is in
> > all versions of OpenSSH shipped with all versions of RedHat:
> > http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-0
On Wed, 26 Jun 2002, Craig Kelley wrote:
> I know you're all probably aware of this by now, but a serious hole is in
> all versions of OpenSSH shipped with all versions of RedHat:
> http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0
does any redhat ship with 'ChallengeRes
No, not all of us knew about this one...
An SSH overflow bug? Gee Whiz?! You'd have thought over-flow bugs would
have been stamped out LONG ago?! -sigh-
This has me a little concerned and I'd appreciate a confirmation of
something, please...
A while back I recall, though only vaguely, that my
>
>
> I know you're all probably aware of this by now, but a serious hole is in
> all versions of OpenSSH shipped with all versions of RedHat:
>
> http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0
This was, according to Theo De Raadt, not supposed to come out till afte
"Bert Vortman" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
>
> I was trying to install openssh from rawhide,
> it asked for libcrypto.so.3...
> somewhere else?), or should i recompile openssh?
Recompile (rebuild from the src.rpm).
--
Rex Dieter
Comput
On Thu, Feb 14, 2002 at 08:49:01AM -0500, Bert Vortman wrote:
> I was trying to install openssh from rawhide,
> it asked for libcrypto.so.3, which should be present in
> glibc, but is not. Am i missing something here (is libcrypt moved
> somewhere else?), or should i recompile openssh?
The pac
> On Mon, Jul 24, 2000 at 12:09:31PM +0200, Bernhard Rosenkraenzer wrote:
> > > What about the regular ssh?
> >
> > No way. Its license sucks and it doesn't have any advantages over
> > current versions of OpenSSH.
>
> It has. It's long out in the field.
Since they represent forks of the same o
On Mon, 24 Jul 2000, Chris Abbey wrote:
>Date: Mon, 24 Jul 2000 16:44:21 -0500
>From: Chris Abbey <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: OpenSSH/SSL
>
>At 13:25 7/24/00 +0200, Daniel Roesen <[EMAIL PROTECTED]> wrote:
>>It has. It's long
At 13:25 7/24/00 +0200, Daniel Roesen <[EMAIL PROTECTED]> wrote:
>It has. It's long out in the field.
umm... ok, like what for instance? I spent about two weeks doing a comparison
and I couldn't find anything in ssh that OpenSSH didn't do, I'm curious what
I missed.
now the forces of openness
On Mon, 24 Jul 2000, Bernhard Rosenkraenzer wrote:
>Date: Mon, 24 Jul 2000 12:09:31 +0200 (CEST)
>From: Bernhard Rosenkraenzer <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: OpenSSH/SSL
>
>On Mon, 24 Jul 2000, Mike A. Harris wrote:
>
>> Any consideratio
On Mon, Jul 24, 2000 at 12:09:31PM +0200, Bernhard Rosenkraenzer wrote:
> > What about the regular ssh?
>
> No way. Its license sucks and it doesn't have any advantages over
> current versions of OpenSSH.
It has. It's long out in the field.
Best regards,
Daniel (still using ssh 1.2.27)
On Mon, 24 Jul 2000, Mike A. Harris wrote:
> Any consideration being made of including OpenSSH and OpenSSL to
> RawHide?
The RSA patent still prevents us from doing this - but fortunately it will
be expiring later this year.
Right now, check ftp://ftp.redhat.de/pub/rh-addons/security.
> What a
On Mon, 24 Jul 2000, Mike A. Harris wrote:
> Any consideration being made of including OpenSSH and OpenSSL to
> RawHide? What about the regular ssh? Since the crypto relaxo
> has occured, and there are now crypto products in RH, it would be
> nice to have SSH included by default as well as SSL.
20 matches
Mail list logo
