From owner-freebsd-security  Sat Nov 11 16: 6:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2235C37B479; Sat, 11 Nov 2000 16:06:35 -0800 (PST)
Received: (from kris@localhost)
	by citusc17.usc.edu (8.11.1/8.11.1) id eAC07gv52905;
	Sat, 11 Nov 2000 16:07:42 -0800 (PST)
	(envelope-from kris)
Date: Sat, 11 Nov 2000 16:07:42 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Mike Silbersack <silby@silby.com>
Cc: Kris Kennaway <kris@FreeBSD.ORG>,
	John F Cuzzola <vdrifter@ocis.ocis.net>, freebsd-security@FreeBSD.ORG
Subject: Re: SSH
Message-ID: <20001111160742.A52887@citusc17.usc.edu>
References: <20001111150503.A50871@citusc17.usc.edu> <Pine.BSF.4.21.0011111745050.53897-100000@achilles.silby.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="pWyiEgJYm5f9v55/"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.21.0011111745050.53897-100000@achilles.silby.com>; from silby@silby.com on Sat, Nov 11, 2000 at 05:45:55PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Nov 11, 2000 at 05:45:55PM -0600, Mike Silbersack wrote:
>=20
> On Sat, 11 Nov 2000, Kris Kennaway wrote:
>=20
> > It's OpenSSH 2.2.0 in the base system. SSH 1.2.27 doesn't have any
> > known security issues except for the endemic weaknesses in the
> > protocol. Either SSH 2.x or OpenSSH talk the SSH2 protocols.
> >=20
> > Kris
>=20
> Er, old 1.2.27 with old rsaref is root-exploitable.

Wasn't that 1.2.26? Anyway, I meant the FreeBSD port, which is fixed.

Kris

--pWyiEgJYm5f9v55/
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjoN304ACgkQWry0BWjoQKVzfACggm5H5Z1DVtigkkVUOHzqRTjP
7RsAn1i6GFmklyVE0w7YF1yKZKuw3vq9
=+gMo
-----END PGP SIGNATURE-----

--pWyiEgJYm5f9v55/--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message