Date: Thu, 22 Jan 2004 11:49:48 -0800 From: Dave Tweten <tweten@nas.nasa.gov> To: freebsd-stable@freebsd.org Subject: OpenSSH Vulnerable Prior to 3.7.1 Message-ID: <2721.1074800988@gilmore.nas.nasa.gov>
next in thread | raw e-mail | index | archive | help
I just received a computer security bulletin from another (reliable) source stating that there are indications of an exploit in the wild for versions of OpenSSH prior to 3.7.1. It says the exploit can produce denial of service or administrative control of the target system. Sshd on my FreeBSD-STABLE system from last Saturday says it is version 3.5p1. I understand that FreeBSD patches old versions of OpenSSH instead of substituting new ones, but my question is whether sshd version "OpenSSH_3.5p1 FreeBSD-20030924" has these vulnerabilities fixed. Is it as secure as OpenSSH 3.7.1? -- M/S 258-5 |1024-bit PGP fingerprint:|tweten@nas.nasa.gov NASA Ames Research Center | 41 B0 89 0A 8F 94 6C 59| (650) 604-4416 Moffett Field, CA 94035-1000| 7C 80 10 20 25 C7 2F E6|FAX: (650) 604-4377 Not an official NASA position. You can't even be certain who sent this!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2721.1074800988>