This question relates to CVE-2015-8325.
Asked
Active
Viewed 3,563 times
1
-
1My guess would be: it depends on the distribution. – Gerald Schneider Nov 02 '16 at 14:59
1 Answers
1
UseLogin option is disabled by default in OpenSSH for many years and I don't know about any distribution that would like to use this fail-prone and limited method of authentication, when there are much better implemented in OpenSSH (PAM, ...).
Therefore the resolution in RHEL -- the packages are affected, but not vulnerable with default (and sane) configuraiton.
Jakuje
- 9,715
- 2
- 42
- 45