#962 closed defect (invalid)
UPDATE: openssh 3.7.1p2 for PAM fix
| Reported by: | charlie@… | Owned by: | macports-tickets@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 1.0 |
| Keywords: | Cc: | fkr@… | |
| Port: |
Description
Attachments (1)
Change History (4)
Changed 21 years ago by charlie@…
comment:1 Changed 21 years ago by bbraun@…
I'm curious, why do you think this is necissary, or a good idea? The vulnerability lists the following requirements for this to be exploitable: 1) Must be running 3.7 or later 2) Must be built with PAM 3) Must have privsep off. 4) Must have ssh v1 enabled 5) Must have ChallengeResponseAuthentication enabled
Note that requirements 1 and 3 are not met on OS X or OpenDarwin.
comment:2 Changed 21 years ago by charlie@…
I welcome any comments :)
We were running a patched 3.6.1 until now. We build with PAM by default (as does Apple). I am not in charge of what people enable in thier sshd_config. What's wrong with keeping things current? It's certainly good advertising for dports, IMO.
comment:3 Changed 21 years ago by charlie@…
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
This does not work.
Note: See
TracTickets for help on using
tickets.
patch ahoi