Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Jason R Thorpe <firstname.lastname@example.org>
From: None <email@example.com>
Date: 06/27/2002 13:21:25
>It's completely absurd that the OpenSSH people recommended blind upgrades
>to a PrivSep version of OpenSSH, rather than just suggesting to people that
>they disable ChallengeResponseAuthentication. I guess they're not so "Open"
my guess - ChalRespAuth workaround was not mentioned in the first
"no fix yet" advisory, as disclosing it will disclose how to attack