From owner-freebsd-hackers@FreeBSD.ORG Tue Sep 16 10:33:13 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D783216A4B3 for ; Tue, 16 Sep 2003 10:33:13 -0700 (PDT) Received: from mail.econolodgetulsa.com (mail.econolodgetulsa.com [198.78.66.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 49FF743FBF for ; Tue, 16 Sep 2003 10:33:13 -0700 (PDT) (envelope-from user@mail.econolodgetulsa.com) Received: from mail (user@mail [198.78.66.163])h8GHXCnW064751 for ; Tue, 16 Sep 2003 10:33:12 -0700 (PDT) (envelope-from user@mail.econolodgetulsa.com) Date: Tue, 16 Sep 2003 10:33:12 -0700 (PDT) From: Josh Brooks To: freebsd-hackers@freebsd.org Message-ID: <20030916103259.N52432-100000@mail.econolodgetulsa.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: OpenSSH flaw #23515 - what is the workaround, and is there an exploit ? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2003 17:33:14 -0000 1. What is the workaround for this issue ? Be creative. Not everyone can update their userland in a normal fashion - and no, I won't sit here and justify that statement. Think embedded systems. 2. Is there really an exploit in the wild ? Any comments appreciated.