Date: Mon, 3 Dec 2001 19:57:11 -0800 (PST) From: "f.johan.beisser" <jan@caustic.org> To: Holtor <holtor@yahoo.com> Cc: <security@FreeBSD.ORG> Subject: Re: OpenSSH Vulnerability Message-ID: <20011203195401.M16958-100000@localhost> In-Reply-To: <20011204022811.7604.qmail@web11603.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 Dec 2001, Holtor wrote: > The advisory says all versions prior to 2.9.9 are > vulnerable and I see sftp-server is on by default in > freebsd's sshd_config and freebsd has version 2.9 > > Ideas? no, it's not. OpenSSH was patched against this a while ago. my understanding is that FreeBSD's version was patched not all that long ago. the temporary fix was to close off sftp. with the upgrade, the "bad behaviour" was fixed. -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan@caustic.org "John Ashcroft is really just the reanimated corpse of J. Edgar Hoover." -- Tim Triche To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011203195401.M16958-100000>