Date: Fri, 8 Mar 2002 01:07:28 +0200 From: Alex Popa <razor@ldc.ro> To: freebsd-security@freebsd.org Subject: ssh version string Message-ID: <20020308010728.A82325@ldc.ro>
next in thread | raw e-mail | index | archive | help
Hello. I finished a build/installworld on -stable a few hours ago, and I noticed that the ssh version string had not been bumped at the moment I did the cvsup, however the fix *is* in channels.c. next is output from ls; times are UTC+2 -rw-r--r-- 1 root wheel 74727 Mar 7 19:11 channels.c -rw-r--r-- 1 root wheel 11705 Feb 3 16:29 channels.h -rw-r--r-- 1 root wheel 2061 Sep 28 04:33 version.c -rw-r--r-- 1 root wheel 431 Feb 3 16:29 version.h So I seem to have caught the moment between the updating of channels.c and version.h. [confirmed: a new cvsup changed just version.h, not the rest] This is useful to use as a honeypot-like system. I wonder if you could tell me what the signs of trying to exploit the (now fixed) vulnerability are, so I could pay extra care with those. Thank you Alex ------------+------------------------------------------ Alex Popa, | "Artificial Intelligence is razor@ldc.ro| no match for Natural Stupidity" ------------+------------------------------------------ "It took the computing power of three C-64s to fly to the Moon. It takes a 486 to run Windows 95. Something is wrong here." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020308010728.A82325>