From owner-freebsd-security  Sat Nov 11 15:45:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139])
	by hub.freebsd.org (Postfix) with ESMTP id 9949D37B479
	for <freebsd-security@FreeBSD.ORG>; Sat, 11 Nov 2000 15:45:56 -0800 (PST)
Received: (qmail 53902 invoked by uid 1000); 11 Nov 2000 23:45:55 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 11 Nov 2000 23:45:55 -0000
Date: Sat, 11 Nov 2000 17:45:55 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Kris Kennaway <kris@FreeBSD.ORG>
Cc: John F Cuzzola <vdrifter@ocis.ocis.net>,
	freebsd-security@FreeBSD.ORG
Subject: Re: SSH
In-Reply-To: <20001111150503.A50871@citusc17.usc.edu>
Message-ID: <Pine.BSF.4.21.0011111745050.53897-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Sat, 11 Nov 2000, Kris Kennaway wrote:

> It's OpenSSH 2.2.0 in the base system. SSH 1.2.27 doesn't have any
> known security issues except for the endemic weaknesses in the
> protocol. Either SSH 2.x or OpenSSH talk the SSH2 protocols.
> 
> Kris

Er, old 1.2.27 with old rsaref is root-exploitable.

Mike "Silby" Silbersack



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message