Check if J-PAKE enabled?

Discussion:

(too old to reply)

Rafalski, Doug R (N-The SI)

2011-01-13 16:36:57 UTC

Reading the vulnerability related to J-PAKE (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4478) it seems J-PAKE support is experimental and not normally enabled. Is there an easy way to verify this from a running instance?

Specifically I want to check that a server running 5.6p1 in cygwin (the currently available pre-compiled version) does not have it enabled.

Joachim Thuau

2011-01-13 23:37:56 UTC

Permalink

You should be able to cross reference your existing build with the source from cygwin here:

http://cygwin.com/packages/openssh/

and

ftp://ftp.cygwin.com/pub/cygwin/release/openssh/

and verify if it's enabled or not, and even if it's enabled, if a fix has been included.
(the makefile should have pretty good descriptions of what options were used for the binary package).

Thanks,
Jok

1 Reply
21 Views
Permalink to this page
Disable enhanced parsing

Thread Navigation

Rafalski, Doug R (N-The SI) 2011-01-13 16:36:57 UTC

Joachim Thuau 2011-01-13 23:37:56 UTC

about - legalese