Date: Mon, 3 Dec 2001 21:37:08 -0500 From: Chris Johnson <cjohnson@palomine.net> To: Holtor <holtor@yahoo.com> Cc: security@freebsd.org Subject: Re: OpenSSH Vulnerability Message-ID: <20011203213708.A88390@palomine.net> In-Reply-To: <20011204022811.7604.qmail@web11603.mail.yahoo.com>; from holtor@yahoo.com on Mon, Dec 03, 2001 at 06:28:11PM -0800 References: <20011204022811.7604.qmail@web11603.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--jI8keyz6grp/JLjh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Dec 03, 2001 at 06:28:11PM -0800, Holtor wrote: > Is freebsd's SSH vulnerable to this? >=20 > http://www.securityfocus.com/archive/1/243430 >=20 > The advisory says all versions prior to 2.9.9 are > vulnerable and I see sftp-server is on by default in > freebsd's sshd_config How do you figure that? I see: # Uncomment if you want to enable sftp #Subsystem sftp /usr/libexec/sftp-server in my /etc/ssh/sshd_config file, and the sshd man page says, "By default no subsystems are defined." Chris Johnson --jI8keyz6grp/JLjh Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8DDbTyeUEMvtGLWERAkc2AJ9QupZJ7or36BNawhlaeOdNuAq6fgCdG4Qo BjKTtrZIGxkdEew0Dx47vmU= =24S1 -----END PGP SIGNATURE----- --jI8keyz6grp/JLjh-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011203213708.A88390>