From owner-freebsd-security  Mon Dec  3 18:28:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from web11603.mail.yahoo.com (web11603.mail.yahoo.com [216.136.172.55])
	by hub.freebsd.org (Postfix) with SMTP id D959F37B419
	for <security@freebsd.org>; Mon,  3 Dec 2001 18:28:11 -0800 (PST)
Message-ID: <20011204022811.7604.qmail@web11603.mail.yahoo.com>
Received: from [24.189.82.162] by web11603.mail.yahoo.com via HTTP; Mon, 03 Dec 2001 18:28:11 PST
Date: Mon, 3 Dec 2001 18:28:11 -0800 (PST)
From: Holtor <holtor@yahoo.com>
Subject: OpenSSH Vulnerability
To: security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi!

Is freebsd's SSH vulnerable to this?

http://www.securityfocus.com/archive/1/243430

The advisory says all versions prior to 2.9.9 are
vulnerable and I see sftp-server is on by default in
freebsd's sshd_config and freebsd has version 2.9

Ideas?

Holt

__________________________________________________
Do You Yahoo!?
Buy the perfect holiday gifts at Yahoo! Shopping.
http://shopping.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message