Date: Tue, 07 Jul 2009 17:52:17 -0700 From: FreeBSD Security Officer <cperciva@freebsd.org> To: freebsd security <freebsd-security@freebsd.org> Subject: rumours of openssh vulnerability Message-ID: <4A53EDC1.4040506@freebsd.org>
next in thread | raw e-mail | index | archive | help
Hi all, There are rumours flying around about a supposed vulnerability in OpenSSH. Two details which I've seen mentioned many times are (a) that this exploit was used to break into a RedHat system running OpenSSH 4.3 plus backported security patches, and (b) that "recent" versions of OpenSSH are not affected; but it's not clear if there is any basis for these rumours. Given the almost complete lack of information here, there obviously will not be a FreeBSD security advisory forthcoming until we know more. As such, I can only recommend that the standard advice be followed: Use a firewall to limit who can access OpenSSH; and make sure that you are running a supported FreeBSD release. If anyone has any concrete information concerning this, please contact the FreeBSD security team at <secteam@FreeBSD.org>. -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A53EDC1.4040506>