Date: Sat, 11 Nov 2000 16:07:42 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: Mike Silbersack <silby@silby.com> Cc: Kris Kennaway <kris@FreeBSD.ORG>, John F Cuzzola <vdrifter@ocis.ocis.net>, freebsd-security@FreeBSD.ORG Subject: Re: SSH Message-ID: <20001111160742.A52887@citusc17.usc.edu> In-Reply-To: <Pine.BSF.4.21.0011111745050.53897-100000@achilles.silby.com>; from silby@silby.com on Sat, Nov 11, 2000 at 05:45:55PM -0600 References: <20001111150503.A50871@citusc17.usc.edu> <Pine.BSF.4.21.0011111745050.53897-100000@achilles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--pWyiEgJYm5f9v55/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Nov 11, 2000 at 05:45:55PM -0600, Mike Silbersack wrote: >=20 > On Sat, 11 Nov 2000, Kris Kennaway wrote: >=20 > > It's OpenSSH 2.2.0 in the base system. SSH 1.2.27 doesn't have any > > known security issues except for the endemic weaknesses in the > > protocol. Either SSH 2.x or OpenSSH talk the SSH2 protocols. > >=20 > > Kris >=20 > Er, old 1.2.27 with old rsaref is root-exploitable. Wasn't that 1.2.26? Anyway, I meant the FreeBSD port, which is fixed. Kris --pWyiEgJYm5f9v55/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoN304ACgkQWry0BWjoQKVzfACggm5H5Z1DVtigkkVUOHzqRTjP 7RsAn1i6GFmklyVE0w7YF1yKZKuw3vq9 =+gMo -----END PGP SIGNATURE----- --pWyiEgJYm5f9v55/-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001111160742.A52887>