Is there <i>any</i> Linux distributor who is vulnerable?
Posted Jun 28, 2002 18:19 UTC (Fri) by JoeBuck (subscriber, #2330)
In reply to: Is there <i>any</i> Linux distributor who is vulnerable? by beejaybee
Parent article: Caldera update for OpenSSH
You clearly misunderstand my point. Debian, Red Hat, Caldera and others were not vulnerable at all to the challenge-response authentication bug, because they did not enable that feature. Same for BSDAuth. That's why I questioned whether they were vulnerable at all; my head is not in the sand. Based on the initial description, it appeared that the vulnerabilities were only in options that the Linux distributors had not enabled.
Similarly, Debian potato has so old a version of ssh that it is not vulnerable either. However, it turns out that the woody version is vulnerable to the PAM/kbdint problem, though there is no known exploit for that one.