From owner-freebsd-security Sun Dec 2 12:39:45 2001 Delivered-To: freebsd-security@freebsd.org Received: from deneb.healthnet-sl.es (deneb.healthnet-sl.es [213.201.25.69]) by hub.freebsd.org (Postfix) with ESMTP id 3E72D37B417 for ; Sun, 2 Dec 2001 12:39:38 -0800 (PST) Received: (from root@localhost) by deneb.healthnet-sl.es (8.11.6/8.11.3) id fB2KdbG57815 for security@freebsd.org; Sun, 2 Dec 2001 21:39:37 +0100 (CET) (envelope-from webmaster@healthnet.es) Received: from ntw3 ([213.201.25.250]) by deneb.healthnet-sl.es (8.11.6/8.11.3av) with SMTP id fB2KdY657807 for ; Sun, 2 Dec 2001 21:39:36 +0100 (CET) (envelope-from webmaster@healthnet.es) Message-ID: <01dd01c17b71$6130e600$0400000a@hin> From: "Webmaster" To: References: <01d101c17b6e$2f43b530$0400000a@hin> Subject: RE: OpenSSH vulnerability? Date: Sun, 2 Dec 2001 21:39:01 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 X-Virus-Scanned: by AMaViS perl-10 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org More to the point, I was asking about the latest openssh fixes that I just received from RedHat recently (which involved new fixes for the already known CAN-2001-0816, and at least one other minor problem). I got the SRPM and while it is difficult to interpret the implications of the diffs, the changes do not suggest that any remote exploit was fixed. False alarm I suppose. Anything new about the "exploit", anyway? Carlos Amengual > Is http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0816 related to the > "OpenSSH binary exploit" mentioned earlier here? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message