From owner-freebsd-security Mon Jun 24 20:28:16 2002 Delivered-To: freebsd-security@freebsd.org Received: from giroc.albury.net.au (giroc.albury.NET.AU [203.15.244.13]) by hub.freebsd.org (Postfix) with ESMTP id 11B5E37B403 for ; Mon, 24 Jun 2002 20:28:12 -0700 (PDT) Received: from giroc.albury.net.au (giroc.albury.net.au [203.15.244.13]) by giroc.albury.net.au (8.11.1/8.11.1) with ESMTP id g5P3S8728943; Tue, 25 Jun 2002 13:28:08 +1000 (EST) X-Delivered-To: freebsd-security@FreeBSD.ORG Date: Tue, 25 Jun 2002 13:28:08 +1000 (EST) From: X-X-Sender: To: Chris Knight Cc: , Subject: RE: Hogwash In-Reply-To: <005301c21bf5$b8d32ce0$020aa8c0@aims.private> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 25 Jun 2002, Chris Knight wrote: > I don't know what the official response will be, but given the lack > of information regarding the exploit, plus it's effect on a privsep > enabled ssh, it would be mad not to recommend either turning off > sshd, or where that is not possible, use firewalling rules to > restrict ssh access to a limited number of hosts. Does anyone know how hosts.allow rules (and/or tcpwrappers) will affect this vulnerability? If one has sshd: ip.of.trusted.host, ip.of.also-trusted.host in /etc/hosts.allow, is that still "sufficiently" safe to live with in the short term? TIA, RossW To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message