LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Is there <i>any</i> Linux distributor who is vulnerable?

Is there <i>any</i> Linux distributor who is vulnerable?

Posted Jun 28, 2002 18:19 UTC (Fri) by JoeBuck (subscriber, #2330)
In reply to: Is there <i>any</i> Linux distributor who is vulnerable? by beejaybee
Parent article: Caldera update for OpenSSH

You clearly misunderstand my point. Debian, Red Hat, Caldera and others were not vulnerable at all to the challenge-response authentication bug, because they did not enable that feature. Same for BSDAuth. That's why I questioned whether they were vulnerable at all; my head is not in the sand. Based on the initial description, it appeared that the vulnerabilities were only in options that the Linux distributors had not enabled.

Similarly, Debian potato has so old a version of ssh that it is not vulnerable either. However, it turns out that the woody version is vulnerable to the PAM/kbdint problem, though there is no known exploit for that one.

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds