From owner-freebsd-security Thu Mar 7 15: 7:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from ldc.ro (ldc-gw.rdsnet.ro [213.157.163.8]) by hub.freebsd.org (Postfix) with SMTP id D512937B400 for ; Thu, 7 Mar 2002 15:07:36 -0800 (PST) Received: (qmail 89803 invoked by uid 666); 7 Mar 2002 23:07:28 -0000 Date: Fri, 8 Mar 2002 01:07:28 +0200 From: Alex Popa To: freebsd-security@freebsd.org Subject: ssh version string Message-ID: <20020308010728.A82325@ldc.ro> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello. I finished a build/installworld on -stable a few hours ago, and I noticed that the ssh version string had not been bumped at the moment I did the cvsup, however the fix *is* in channels.c. next is output from ls; times are UTC+2 -rw-r--r-- 1 root wheel 74727 Mar 7 19:11 channels.c -rw-r--r-- 1 root wheel 11705 Feb 3 16:29 channels.h -rw-r--r-- 1 root wheel 2061 Sep 28 04:33 version.c -rw-r--r-- 1 root wheel 431 Feb 3 16:29 version.h So I seem to have caught the moment between the updating of channels.c and version.h. [confirmed: a new cvsup changed just version.h, not the rest] This is useful to use as a honeypot-like system. I wonder if you could tell me what the signs of trying to exploit the (now fixed) vulnerability are, so I could pay extra care with those. Thank you Alex ------------+------------------------------------------ Alex Popa, | "Artificial Intelligence is razor@ldc.ro| no match for Natural Stupidity" ------------+------------------------------------------ "It took the computing power of three C-64s to fly to the Moon. It takes a 486 to run Windows 95. Something is wrong here." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message