From owner-freebsd-security  Fri Feb  9  7:18:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from kobayashi.uits.iupui.edu (kobayashi.uits.iupui.edu [134.68.5.17])
	by hub.freebsd.org (Postfix) with ESMTP id 5965737B8CD
	for <security@FreeBSD.ORG>; Fri,  9 Feb 2001 07:07:29 -0800 (PST)
Received: from localhost (ajk@localhost)
	by kobayashi.uits.iupui.edu (8.11.1/8.11.1) with ESMTP id f19F7FS22130;
	Fri, 9 Feb 2001 10:07:26 -0500 (EST)
	(envelope-from ajk@iu.edu)
Date: Fri, 9 Feb 2001 10:07:15 -0500 (EST)
From: "Andrew J. Korty" <ajk@iu.edu>
X-X-Sender:  <ajk@kobayashi.uits.iupui.edu>
To: Igor Roshchin <str@giganda.komkon.org>
Cc: <security@FreeBSD.ORG>, <sziszi@petra.hos.u-szeged.hu>
Subject: Re: Is this a problem for us too?
Message-ID: <Pine.BSF.4.32.0102090947580.21756-100000@kobayashi.uits.iupui.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 9 Feb 2001 09:29:27 -0500 (EST), Igor Roshchin wrote:

> > Date: Fri, 9 Feb 2001 11:47:58 +0100
> > From: Szilveszter Adam <sziszi@petra.hos.u-szeged.hu>
> >
> > On Fri, Feb 09, 2001 at 09:54:29AM +0000, Rasputin wrote:
> > >
> > > Just noticed a couple of openssh security advisories
> > > on deadly.org:
> > >
> > > http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
> > >
> > > Is this openbsd -specific, or related ot any openssh implementation?
> >
> > -CURRENT and -STABLE have 2.3.0 so they are not vulnerable. 3.x stil
> > doesn't have OpenSSH at all AFAIK. The ports have just been marked
> > FORBIDDEN for both ssh and openssh. Something else? No, I think we have
> > covered all bases:-)
> >
>
> Well, I believe such a message, based on some type of "hometown pride",
> could be confusing to some people.
>
> Many people are running earlier releases of 4.x, and they do not have
> 2.3.0   (e.g. 4.0-release has Open-SSH-1.2.2), and therefore are
> probably vulnerable (1) .
> Those who are running 3.5-STABLE and have ssh from the ports collection,
>                           ^^^^^^
> (many people do use ssh) are probably (1) vulnerable as well.

Have we forsaken 4.2-RELEASE already?  It contains OpenSSH 2.2.0.

-- 
Andrew J. Korty, Principal Security Engineer
Office of the Vice President for Information Technology
Indiana University



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message