From owner-freebsd-ports Sun May 26 16:30:14 2002
Delivered-To: freebsd-ports@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 523B737B403
	for <freebsd-ports@hub.freebsd.org>; Sun, 26 May 2002 16:30:02 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g4QNU2c55901;
	Sun, 26 May 2002 16:30:02 -0700 (PDT)
	(envelope-from gnats)
Received: from nwww.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by hub.freebsd.org (Postfix) with ESMTP id 3292637B400
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 26 May 2002 16:27:47 -0700 (PDT)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by nwww.freebsd.org (8.12.2/8.12.2) with ESMTP id g4QNRlhG022673
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 26 May 2002 16:27:47 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.2/8.12.2/Submit) id g4QNRlr7022672;
	Sun, 26 May 2002 16:27:47 -0700 (PDT)
Message-Id: <200205262327.g4QNRlr7022672@www.freebsd.org>
Date: Sun, 26 May 2002 16:27:47 -0700 (PDT)
From: Geir Råness <freebsd@pulz.no>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: ports/38592: Bug in ssh2 in the ports !
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ports>
X-Loop: FreeBSD.org

>Number: 38592
>Category: ports
>Synopsis: Bug in ssh2 in the ports !
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun May 26 16:30:02 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Geir Råness
>Release: 4.5
>Organization:
>Environment:
FreeBSD pulz.mine.nu 4.5-STABLE FreeBSD 4.5-STABLE #0: Mon Apr 22 15:44:46 CEST 2002 geir@pulz.soulcollector.org.uk:/usr/obj/usr/src/sys/PULZ i386
>Description:
A bug has been found in the ssh 3.0.1 to 3.1.0 series. And if you look in the ssh2 ports dir, you will see it uses 3.1.0.
If you don't conf your config file right, you would be vulnerable to this bug.
Read about it here:
http://online.securityfocus.com/archive/1/273840/2002-05-23/2002-05-29/0
http://www.ssh.com/products/ssh/advisories/authentication.cfm

The maintainer of this port has also been notified about this problem.
So at last, I would like to have this port marked as forbidden.
And the maintainer should update it!
>How-To-Repeat:
Install ssh2 3.1.0 and use the standard conf? ;)
>Fix:
Either conf your config file right, patch your current ssh, or you should upgrade to the newest version. That is 3.1.2 at this time.
>Release-Note:
>Audit-Trail:
>Unformatted: