On jeudi, juin 27, 2002, at 02:12 , Sebastien Maret wrote:
[]
> Apart from that, what is difference with stable versions of OpenSSH?
>
Apple's version in OSX 10.1.5 is at 3.1p1, so it is vulnerable, in
principle, as far as these vulnerabilities go. From its man page
ChallengeResponseAuthentication
Specifies whether challenge response authentication is
allowed.
All authentication styles from login.conf(5) are
supported. The
default is ``yes''.
This seems to correspond to the situation that is considered vulnerable.
Fink always had a slightly more recent version. Until yesterday
3.2.2p1, which is also considered to be vulnerable.
Max, there is another problem with the new package: It has /var in
its file list. When openssh-3.4p1-1 is removed (in order to
downgrade to the older working version), it removes the link
/var->/private/var, and the system is practically dead.
--
Martin
-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Fink-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/fink-users
