From: Matthew Seaman
To: McClain Looney
Cc: freebsd-questions@freebsd.org
Date: Thu, 18 Sep 2003 13:17:01 +0100
Subject: Re: sshd patch

On Wed, Sep 17, 2003 at 08:42:39PM -0500, McClain Looney wrote:
> Hello,
>
> I followed the instructions to patch my sshd for SA03:12, only to find my
> version string still doesn't match the one in the advisory.
>
> Am I correct in assuming it should read OpenSSH_3.5p1 FreeBSD-20030917 ?
>
> It currently reads SSH-1.99-OpenSSH_3.5p1 FreeBSD-20030201. What could be
> causing this? Is a make clean required before the depend?

The patches (e.g. ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch) as described in the advisory are intended to be the minimum required in order to fix the vulnerability. That's done so that the same patches can be applied to as many different versions of FreeBSD as possible. Consequently, they don't modify the version numbers either in the $FreeBSD$ CVS tags or of OpenSSH itself (in src/crypto/openssh/version.h). You can tell that just by a simple eyeball inspection of the patch.

This is generally the case with security advisories, as a) it's part of the modus operandi of the x.y-RELEASE branches and b) time being of the essence, the smaller the number of patches that have to be developed and tested, the better. However, it's not an absolute rule: some security advisories have resulted in version number bumps on some of the branches.

If you want to pull down sources with all of the latest version numbers, use cvsup(1), i.e. Option 1) in the Solution section of the advisory. However, you probably have succeeded in patching your system and are now not vulnerable, although there's no way to tell that remotely other than by trying to exploit the bug.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
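
An added example, not part of the original message or of the FreeBSD advisory: since the banner does not change, the patch state can be checked locally by reading the patch itself, both to confirm that it leaves version.h alone and to see whether the source tree already carries its added lines. The sample diff, its file path and the function names (`parse_patch`, `patch_state`, `audit`) are constructed for illustration, and the line-matching check is a heuristic.

```python
import re

# Constructed sample diff for illustration; it is NOT the real SA-03:12 patch.
SAMPLE_PATCH = """\
--- crypto/openssh/example.c.orig
+++ crypto/openssh/example.c
@@ -10,5 +10,6 @@
 void grow(struct buf *b, unsigned len)
 {
-    b->alloc += len + 4096;
-    b->data = xrealloc(b->data, b->alloc);
+    newlen = b->alloc + len + 4096;
+    if (newlen > LIMIT) fatal("grow: too large");
+    b->data = xrealloc(b->data, b->alloc = newlen);
 }
"""
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def parse_patch(text):
    """Map each patched path to the lines its hunks add and remove."""
    files, cur, old_left, new_left = {}, None, 0, 0
    for line in text.splitlines():
        if old_left > 0 or new_left > 0:       # inside a hunk body
            tag, body = line[:1], line[1:].strip()
            if tag == "+":
                new_left -= 1; cur["added"].append(body)
            elif tag == "-":
                old_left -= 1; cur["removed"].append(body)
            elif tag != "\\":                  # context line, not "\ No newline"
                old_left -= 1; new_left -= 1
        elif line.startswith("+++ "):
            cur = files.setdefault(line[4:].split("\t")[0], {"added": [], "removed": []})
        elif cur is not None and (m := HUNK.match(line)):
            old_left, new_left = int(m.group(1) or 1), int(m.group(2) or 1)
    return files

def patch_state(change, source):
    """Heuristic verdict for one file's current text: patched, unpatched or unknown."""
    have = {l.strip() for l in source.splitlines()}
    added = [l for l in change["added"] if l and l not in change["removed"]]
    removed = [l for l in change["removed"] if l and l not in change["added"]]
    has_new = bool(added) and all(l in have for l in added)
    has_old = bool(removed) and all(l in have for l in removed)
    return "unknown" if has_new == has_old else "patched" if has_new else "unpatched"

def audit(patch_text, tree, version_file="version.h"):  # tree: path -> current text
    files = parse_patch(patch_text)
    return (any(p.endswith(version_file) for p in files),
            {p: patch_state(c, tree.get(p, "")) for p, c in files.items()})
```

A "patched" verdict describes the source tree only; the running sshd reflects it once the patched sources have been rebuilt, installed and the daemon restarted.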