On Wed, Jun 26, 2002 at 04:43:40PM +0200, Christoph Wegener wrote:
What about the SuSE OpenSSH builts concerning this advisory?!?
I just read this, and I'm not sure how to interpret it. If this is true, and this is the only vulnerability known at this time, then SuSE Linux boxes in their default configuration haven't been vulnerable to this, because the sshd_config file we ship has "ChallengeResponseAuthentication no" in it. Which means this whole show had little purpose other than being another dubious political stunt of a certain individual. If that is the case, we apologize for wasting your time and resources. We are inclined however to wait for a public statement from the OpenBSD team before we decide how to proceed (i.e. whether we're going to wait for 3.4, or back down to 2.9.9 with a fix). Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann