From: Peter Brezny (peterskyrunner.net)
Date: Tue Jul 02 2002 - 11:44:36 CDT

    OK, so now that half the freebsd-security list has enlightened me as to what
    YMMV means and where it came from, I know you guys are reading this list.
    However, no one bothered to mention why, even though OpenSSH's statement says
    that FreeBSD has a problem with the version of ssh out there, FreeBSD
    actually doesn't. Could someone please point me to a specific ref. as to
    why FreeBSD's implementation of ssh is OK? I know I'm paranoid. Thanks.

    From:
    http://openssh.org/txt/preauth.adv

    2. Impact:

            This bug can be exploited remotely if
                    ChallengeResponseAuthentication
            is enabled in sshd_config. This option is enabled
            by default on OpenBSD and other systems.

            Affected are at least systems supporting s/key over
            SSH protocol version 2 (OpenBSD, FreeBSD and NetBSD
            as well as other systems supporting s/key with SSH).
            Exploitability of systems using
                    PAMAuthenticationViaKbdInt
            has not been verified.

    Thanks for the help and the enlightening reasons of what YMMV means,

    Here's a good one

    Your Memory Might Vanish :)

    (it's: Your Mileage May Vary)

    And another with a nice explanation.
    YMMV = "your mileage may vary"

       A statement often made in advertising by
    American automobile manufacturers stating
    that fuel economy in miles/gallon is variable
    according to driving habits, type of fuel, etc.,
    etc.,

    This has come to mean "I found this to be true,
    but you may not..."

    Thanks again for your help guys!

    Peter Brezny
    Skyrunner.net
