Hewlett-Packard Company Information for VU#369347
OpenSSH vulnerabilities in challenge response handling
- Vendor Information Help Date Notified: 24 Jun 2002
- Statement Date:
- Date Updated: 16 Jul 2002
HP has issued a security bulletin (HPSBUX0206-195) for HP 9000 Servers running HP-UX release 11.00 and 11.11 only with the T1471AA SSH product installed.
It says in part:
- As a short-term solution, disable PAMAuthenticationViaKbdInt in the sshd_config file; i.e.,
- PAMAuthenticationViaKbdInt no
The vendor has not provided us with any further information regarding this vulnerability.
Hewlett-Packard published security bulletins HPSBUX0206-195 and HPSBTL0207-050 on this issue.
If you have feedback, comments, or additional information about this vulnerability, please send us email.