Madeinlinux Advisory: opensshJun 28, 2002, 14:16 (0 Talkback[s])
Openssh versions between 2.9.9 and 3.3 contain a bug in the ChallengeResponseAuthentication code. This bug can be exploited remotely if ChallengeResponseAuthentication is enabled in sshd_config.
New openssh packages are available for Madeinlinux.
New Madeinlinux packages have been released for openssh-3.4p1. openssh-3.4p1 fixes an openssh bug that can be remotely exploitable (cfr. http://www.openssh.com/txt/preauth.adv)
The new packages can be found at these URLs:
Packages for Madeinlinux 4.0SE (glibc 2.1):
Packages for Madeinlinux 5.0 (glibc 2.2)
0 Talkback[s] (click to add your comment)