From owner-freebsd-security  Mon Jun 24 18:33:18 2002
Delivered-To: freebsd-security@freebsd.org
Received: from blues.jpj.net (blues.jpj.net [208.210.80.156])
	by hub.freebsd.org (Postfix) with ESMTP
	id A5FD537B401; Mon, 24 Jun 2002 18:33:12 -0700 (PDT)
Received: from blues.jpj.net (localhost.jpj.net [127.0.0.1])
	by blues.jpj.net (8.12.3/8.12.3) with ESMTP id g5P1WrOa019236;
	Mon, 24 Jun 2002 21:32:53 -0400 (EDT)
	(envelope-from trevor@jpj.net)
Received: from localhost (trevor@localhost)
	by blues.jpj.net (8.12.3/8.12.3/Submit) with ESMTP id g5P1WrQw019233;
	Mon, 24 Jun 2002 21:32:53 -0400 (EDT)
X-Authentication-Warning: blues.jpj.net: trevor owned process doing -bs
Date: Mon, 24 Jun 2002 21:32:53 -0400 (EDT)
From: Trevor Johnson <trevor@jpj.net>
To: Theo de Raadt <deraadt@cvs.openbsd.org>
Cc: "Jacques A. Vidrine" <nectar@FreeBSD.ORG>,
	<freebsd-security@FreeBSD.ORG>
Subject: Re: Hogwash 
In-Reply-To: <200206250111.g5P1BVLJ015666@cvs.openbsd.org>
Message-ID: <20020624212639.Q17664-100000@blues.jpj.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Theo de Raadt wrote:

> There is an upcoming OpenSSH vulnerability that we're working on with
> ISS.  Details will be published early next week.
>
> However, I can say that when OpenSSH's sshd(8) is running with priv
> seperation, the bug cannot be exploited.

Have other SECSH servers--lsh, FreSSH, SSH Communications'--been tested?
If so, were there any which failed to be vulnerable?
-- 
Trevor Johnson


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message