Date: Tue, 2 Jul 2002 08:47:37 -0400 From: "Peter Brezny" <peter@skyrunner.net> To: <freebsd-security@freebsd.org> Subject: CERT Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response Message-ID: <NEBBIGLHNDFEJMMIEGOOGEHGFCAA.peter@skyrunner.net>
next in thread | raw e-mail | index | archive | help
I've been trying to get clear on whether or not freebsd-stable (4.6-STABLE FreeBSD 4.6-STABLE #0: Sat Jun 29 00:37:13 EDT 2002) has resolved the problem listed in CA-2002-18 from CERT. it doesn't appear so since it's running Openssh_2.9 and http://openssh.org/txt/preauth.adv clearly says that freebsd is vulnerable. I _THOUGHT_ i found something on the freebsd site stating that OpenSSH_2.9 FreeBSD localisations 20020307 was not vulnerable, however, I can't find it now. Since there doesn't appear to be a security advisory or notice from the freebsd security team on this one yet, what's the best thing to do? Manually update to openssh 3.4? Is an update to the base system in the works? TIA Peter Brezny Skyrunner.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NEBBIGLHNDFEJMMIEGOOGEHGFCAA.peter>