From owner-freebsd-security Wed Jun 26 18:39: 2 2002
Delivered-To: freebsd-security@freebsd.org
Received: from bluenugget.net (bluenugget.net [64.32.175.43]) by hub.freebsd.org (Postfix) with ESMTP id 2683437D9CA; Wed, 26 Jun 2002 18:08:55 -0700 (PDT)
Received: from [192.168.4.154] (sf-gw.epylon.com [63.93.9.98]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by bluenugget.net (Postfix) with ESMTP id 655CE1371D; Wed, 26 Jun 2002 18:10:33 -0700 (PDT)
Date: Wed, 26 Jun 2002 18:08:42 -0700
From: Jason DiCioccio
Reply-To: Jason DiCioccio
To: chris@aims.com.au, rwatson@FreeBSD.ORG
Cc: freebsd-security@FreeBSD.ORG
Subject: RE: Wow
Message-ID: <2147483647.1025114921@[192.168.4.154]>
In-Reply-To: <012e01c21d6c$e16ce9c0$020aa8c0@aims.private>
References: <012e01c21d6c$e16ce9c0$020aa8c0@aims.private>
X-Mailer: Mulberry/3.0.0a3 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

--On Thursday, June 27, 2002 9:54 AM +1000 Chris Knight wrote:

[snip]

> Isn't the merge a little bit hasty? According to the advisory, the
> least intrusive change to -STABLE would be to uncomment the
> ChallengeResponseAuthentication in /usr/src/crypto/openssh/sshd_config.
> The PAM issues appear to only be in 2.9.9+.
> Also, my understanding of the advisory is that the exploit hasn't been
> fixed - it's just that Privilege Separation will limit the exploit to
> a chrooted environment with minimal permissions.
> Please correct me if I'm wrong.

3.4 is patched. I'm not sure if they're still doing 3.3p1 for -STABLE, but
I wouldn't think so. If 3.4 will be the new version in FreeBSD, then that
will patch this bug and some others while providing the benefit of privsep
in addition.
Cheers,
-JD-

-- 
Jason DiCioccio - jd@bluenugget.net - Useless .sig
Open Domain Service - geniusj@ods.org - http://www.ods.org/
Ruby - jd@ruby-lang.org - http://www.ruby-lang.org/
PGP Fingerprint - C442 04E2 26B0 3809 8357 96AB D350 9596 0436 7C08

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
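The two mitigations the thread weighs against each other, turning ChallengeResponseAuthentication off in sshd_config versus moving to a privsep-enabled 3.4, are easy to get wrong by hand because sshd honours the first occurrence of a keyword, not the last, and a commented-out line leaves the built-in default in force. The following is an added example, written for this archived message and not code from the thread, from FreeBSD or from OpenSSH; it parses a small sshd_config with those semantics, reports which of the two settings is not in the expected state, and compares a reported OpenSSH version against 3.4. The sample configs, the fallback defaults in ASSUMED_DEFAULTS and the function names are assumptions made for the example.

```python
"""Check an OpenSSH 3.x-era sshd_config for the two mitigations the thread
discusses (ChallengeResponseAuthentication off, privilege separation on)
and compare a reported OpenSSH version against 3.4.

Added example, not part of the original message nor of FreeBSD/OpenSSH.
The sample configs and the fallback defaults are assumptions for illustration.
"""
import re

# Constructed sample in the shape of the sshd_config shipped under
# /usr/src/crypto/openssh at the time: the interesting keywords are still
# commented out, so sshd's built-in defaults apply.
SAMPLE_CONFIG = """\
# This is the sshd server system-wide configuration file.
#Port 22
Protocol 2,1
PermitRootLogin no
#ChallengeResponseAuthentication yes
#UsePrivilegeSeparation no
PasswordAuthentication yes
"""

# Constructed hardened variant; the duplicate last line is deliberate, to
# show that sshd uses the first occurrence of a keyword and ignores the rest.
HARDENED_CONFIG = """\
Protocol 2
ChallengeResponseAuthentication no
UsePrivilegeSeparation yes
ChallengeResponseAuthentication yes
"""

# Fallback values used when a keyword is absent or commented out. These are
# assumptions for the example; confirm them against sshd_config(5) of the
# release actually installed.
ASSUMED_DEFAULTS = {
    "challengeresponseauthentication": "yes",
    "useprivilegeseparation": "no",
}

def parse_sshd_config(text):
    """Return {keyword_lower: value}, keeping only the FIRST occurrence of each
    keyword: sshd_config(5) states that the first obtained value for a keyword
    is the one used. Blank and '#' lines are skipped; keyword and value may be
    separated by whitespace or '='."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^(\w+)\s*=?\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        settings.setdefault(key, value)   # later duplicates are ignored
    return settings

def effective(settings, keyword):
    """Effective value of keyword: the explicit setting, else the assumed default."""
    key = keyword.lower()
    return settings.get(key, ASSUMED_DEFAULTS.get(key, "")).lower()

def parse_version(banner):
    """Extract (major, minor) from 'OpenSSH_3.4p1' or from a full SSH
    identification string such as 'SSH-1.99-OpenSSH_3.4p1 FreeBSD-20020702'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no OpenSSH version found in %r" % banner)
    return int(m.group(1)), int(m.group(2))

def assess(config_text, banner):
    """Return a list of findings; an empty list means both mitigations are in
    place and the server reports 3.4 or later (3.4 is the patched release
    named in the thread)."""
    findings = []
    settings = parse_sshd_config(config_text)
    if effective(settings, "ChallengeResponseAuthentication") != "no":
        findings.append("ChallengeResponseAuthentication is not set to no")
    if effective(settings, "UsePrivilegeSeparation") != "yes":
        findings.append("UsePrivilegeSeparation is not set to yes")
    major, minor = parse_version(banner)
    if (major, minor) < (3, 4):
        findings.append("OpenSSH %d.%d reported; 3.4 is the patched release" % (major, minor))
    return findings

if __name__ == "__main__":
    for name, cfg, ver in (("sample", SAMPLE_CONFIG, "OpenSSH_3.3p1"),
                           ("hardened", HARDENED_CONFIG, "OpenSSH_3.4p1")):
        print(name, assess(cfg, ver) or ["ok"])
```

Running it prints three findings for the constructed sample and "ok" for the hardened variant; the trailing "ChallengeResponseAuthentication yes" in the hardened config is correctly ignored because the earlier "no" wins.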