OpenSSH 4.4 was released and mentions: * On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms.
Created attachment 151314 [details] Backport of a patch from 4.4.p1
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Fixed in openssh-4.3p2-21.el5 in dist-5E-lspp.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0540.html