Date: Tue, 20 Mar 2001 02:29:22 +0900
From: Shoichi Sakane <sakane@ydc.co.jp>
To: kris@obsecurity.org
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: What's vunerable?
Message-ID: <20010320022922E.sakane@ydc.co.jp>
In-Reply-To: Your message of "Fri, 16 Mar 2001 12:23:26 -0800" <20010316122326.A98524@mollari.cthul.hu>
References: <20010316122326.A98524@mollari.cthul.hu>
> > The version of OpenSSH in the ports tree is not plain 2.2.0, but 2.2.0
> > 'port revision' 2. The 'port revision' was bumped twice to indicate
> > important security fixes. The 'some vulnerability' you are referring to
> > is probably the Bleichenbacher attack, which affected nearly all SSH
> > servers at the time; a fix was promptly added to the FreeBSD port.
>
> The above is correct, as is noted in the relevant FreeBSD advisory on OpenSSH :-
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc

I couldn't find the word, "Bleichenbacher" in this advisory.

Thank you, I understand that the port version is not vulnerable.
I compiled and installed 2.2.0 'port revision' 2, and I connected to
the ssh port number 22 on localhost. The sshd said,

shoichi:~] telnet localhost 22
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-1.99-OpenSSH_2.2.0

I just thought the version was vulnerable. So I think the version should be
"SSH-1.99-OpenSSH_2.2.0-port_revision_2"
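
The banner question raised in the message above, as an added example that is not part of the original e-mail or of the FreeBSD port: a parser for the SSH identification string that reports what the banner alone can prove about a fix. The threshold version `FIRST_FIXED` and the comment string `port_revision_2` are constructed for illustration; the field layout follows RFC 4253, section 4.2.

```python
import re

# Identification string: "SSH-<protoversion>-<softwareversion>[ <comments>]".
# Neither version field may contain whitespace or '-', so any packager detail
# has to travel in the optional comments field after the first space.
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^\s-]+)-(?P<software>[^\s-]+)(?: (?P<comments>.*))?$")

def parse_banner(line):
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.groupdict()

def openssh_version(software):
    """Return OpenSSH's upstream version as a tuple, or None for other servers."""
    m = re.match(r"^OpenSSH_(\d+(?:\.\d+)*)", software)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def assess(line, first_fixed, patched_comments=()):
    """Classify what a banner alone can prove about one fix."""
    b = parse_banner(line)
    version = openssh_version(b["software"])
    if version is None:
        verdict = "indeterminate"
    elif version >= first_fixed:
        verdict = "fixed-upstream"
    elif b["comments"] in patched_comments:
        verdict = "fixed-by-packager"
    else:
        # Old upstream number: could be vulnerable or a patched package build.
        verdict = "indeterminate"
    return {"accepts_ssh1": b["proto"].startswith("1."), "verdict": verdict}

# Constructed inputs: the threshold and the comment string are illustrative only.
FIRST_FIXED = (3, 0, 0)
SAMPLES = [
    "SSH-1.99-OpenSSH_2.2.0\r\n",                  # banner quoted in the message
    "SSH-1.99-OpenSSH_2.2.0 port_revision_2\r\n",  # constructed
    "SSH-2.0-OpenSSH_3.0.1\r\n",                   # constructed
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.strip(), "->", assess(s, FIRST_FIXED, ("port_revision_2",)))
```

An "indeterminate" verdict is the cue to check the installed package revision on the host rather than trust the banner.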