Date: Tue, 4 Dec 2001 06:10:14 -0500 (EST)
From: SecLists <lists@secure.stargate.net>
To: Chris Johnson <cjohnson@palomine.net>
Cc: Holtor <holtor@yahoo.com>, "security@freebsd.org" <security@freebsd.org>
Subject: Re: OpenSSH Vulnerability
Message-ID: <Pine.BSO.4.42L0.0112040609180.13776-100000@secure.stargate.net>
In-Reply-To: <20011203213708.A88390@palomine.net>

Not sure if you are talking about the freebsd package or the portable
source, but a portable source installation enables sftp by default... just
did one tonight on Solaris 8, OpenSSH 3.0.2p1

Thanks,
shawn

On Mon, 3 Dec 2001, Chris Johnson wrote:

> On Mon, Dec 03, 2001 at 06:28:11PM -0800, Holtor wrote:
> > Is freebsd's SSH vulnerable to this?
> >
> > http://www.securityfocus.com/archive/1/243430
> >
> > The advisory says all versions prior to 2.9.9 are
> > vulnerable and I see sftp-server is on by default in
> > freebsd's sshd_config
>
> How do you figure that? I see:
>
> # Uncomment if you want to enable sftp
> #Subsystem sftp /usr/libexec/sftp-server
>
> in my /etc/ssh/sshd_config file, and the sshd man page says, "By default no
> subsystems are defined."
>
> Chris Johnson
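
An added example, not part of the original message: a small shell check for the question the thread turns on, whether a `Subsystem sftp` line in an sshd_config is actually in effect or only present as a comment. The sample configs are constructed and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Sample configs below are constructed.

# Print "name command" for every Subsystem directive that is in effect,
# i.e. not commented out. sshd_config keywords are case-insensitive.
active_subsystems() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comment and blank lines
        tolower($1) == "subsystem" && NF >= 3 {
            name = $2
            $1 = ""; $2 = ""             # drop keyword and name, keep command
            sub(/^[ \t]+/, "")
            print name, $0
        }
    ' "$1"
}

# Exit status 0 if an sftp subsystem is enabled in the given file.
sftp_enabled() {
    active_subsystems "$1" | awk '$1 == "sftp" { f = 1 } END { exit !f }'
}

# Constructed sample: the commented-out form quoted in the thread.
sample_commented() {
    printf '%s\n' 'Port 22' \
        '# Uncomment if you want to enable sftp' \
        '#Subsystem sftp /usr/libexec/sftp-server'
}

# Constructed sample: the same directive uncommented (path is illustrative).
sample_enabled() {
    printf '%s\n' 'Port 22' \
        'subsystem   sftp   /usr/libexec/sftp-server'
}

tmp=$(mktemp -d) || exit 1
sample_commented > "$tmp/commented"
sample_enabled   > "$tmp/enabled"
for f in commented enabled; do
    if sftp_enabled "$tmp/$f"; then
        echo "$f: sftp subsystem ENABLED"
    else
        echo "$f: sftp subsystem not enabled"
    fi
done
rm -rf "$tmp"
```

On a real host, point `sftp_enabled` at the installed configuration file, for example the `/etc/ssh/sshd_config` path named in the quoted reply.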