Contributed by grey on from the still secure by default, but check your configurations dept.
Though this doesn't affect OpenBSD users by default, those who are using OpenSSH with the "AllowTcpForwarding" option enabled, and who are also using AnonCVS, should read this advisory.
If you check /etc/ssh/sshd_config you'll see that the line reading "#AllowTcpForwarding yes", while defaulted to yes, is actually commented out. However, I have been corrected by mjc & Brad Smith that this only reflects that the default is that this option is enabled; this is clarified in the sshd_config file:
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.

A CVS server isn't running by default with OpenBSD either, but this warning is still worth reading for those who may be using these tools in such an environment. You'll note from reading the advisory that OpenBSD's CVS servers have been reconfigured to avoid this issue since being notified.
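
As an added example (not part of the original post and not OpenSSH's own code), the shell function below reports the effective global AllowTcpForwarding value for an sshd_config, treating a commented line as the default described above. The function name, the `exampleuser` account and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective global AllowTcpForwarding for an sshd_config.
# Reads the file named in $1, or stdin when no file is given.
effective_tcp_forwarding() {
    awk '
        /^[ \t]*#/ { next }   # a commented option only documents the default
        /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)     # accept "keyword=value"
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit            # conditional blocks are not global
            if (key == "allowtcpforwarding" && n >= 2) {
                val = tolower(f[2]); found = 1  # sshd keeps the first value it reads
                exit
            }
        }
        END { print (found ? val : "yes") }     # unset: default is yes, as the page says
    ' "$@"
}

# Constructed sample configurations (not taken from any real host).
SAMPLE_DEFAULT='#AllowTcpForwarding yes'
SAMPLE_HARDENED='#AllowTcpForwarding yes
allowtcpforwarding no
AllowTcpForwarding yes'
SAMPLE_MATCH_ONLY='Match User exampleuser
    AllowTcpForwarding no'

# Print one line per sample: label, then the value sshd would apply globally.
report() {
    printf '%s: AllowTcpForwarding %s\n' "$1" \
        "$(printf '%s\n' "$2" | effective_tcp_forwarding)"
}
report default    "$SAMPLE_DEFAULT"
report hardened   "$SAMPLE_HARDENED"
report match-only "$SAMPLE_MATCH_ONLY"
```

On a live host, `sshd -T` prints the configuration the daemon would actually use and is the authoritative check.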