Date: Mon, 19 Mar 2001 10:43:43 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Shoichi Sakane <sakane@ydc.co.jp> Cc: kris@obsecurity.org, freebsd-security@FreeBSD.ORG, markus@OpenBSD.org Subject: Reporting OpenSSH version (Re: What's vunerable?) Message-ID: <20010319104343.A3941@xor.obsecurity.org> In-Reply-To: <20010320022922E.sakane@ydc.co.jp>; from sakane@ydc.co.jp on Tue, Mar 20, 2001 at 02:29:22AM %2B0900 References: <20010316122326.A98524@mollari.cthul.hu> <20010320022922E.sakane@ydc.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
--6TrnltStXW4iwmi0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 20, 2001 at 02:29:22AM +0900, Shoichi Sakane wrote: > I compiled and installed 2.2.0 'port revision' 2, and I connected > to the ssh port number 22 on localhost. the sshd said, >=20 > shoichi:~] telnet localhost 22 > Trying ::1... > Connected to localhost. > Escape character is '^]'. > SSH-1.99-OpenSSH_2.2.0 >=20 > I just thought the version was vulnerable. So I think the version > should be "SSH-1.99-OpenSSH_2.2.0-port_revision_2" You're probably right - something along these lines should be done to distinguish the version reported by scanners like scanssh. I'd prefer SSH-1.99-OpenSSH_2.2.0_2 myself to be consistent with the naming of the port itself, but I'm not sure if this is allowable syntax. Markus, can you comment? Kris --6TrnltStXW4iwmi0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6tlNeWry0BWjoQKURAt+5AJ0ef0/jNT0OHdAoLUF5gH+liaULGQCg89e8 OCR4AxeIeA8Jm4kqDmqIo68= =AAIj -----END PGP SIGNATURE----- --6TrnltStXW4iwmi0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010319104343.A3941>