From owner-freebsd-security Wed Nov 28 21:52:36 2001 Delivered-To: freebsd-security@freebsd.org Received: from pogo.caustic.org (caustic.org [64.163.147.186]) by hub.freebsd.org (Postfix) with ESMTP id EB5A737B422 for ; Wed, 28 Nov 2001 21:52:32 -0800 (PST) Received: from localhost (jan@localhost) by pogo.caustic.org (8.11.6/8.11.6) with ESMTP id fAT5qCY65573; Wed, 28 Nov 2001 21:52:12 -0800 (PST) (envelope-from jan@caustic.org) Date: Wed, 28 Nov 2001 21:52:12 -0800 (PST) From: "f.johan.beisser" X-X-Sender: To: Brett Glass Cc: Mauro Dias , Subject: Re: sshd exploit In-Reply-To: <4.3.2.7.2.20011128221259.04665720@localhost> Message-ID: <20011128214925.P16958-100000@localhost> X-Ignore: This statement isn't supposed to be read by you X-TO-THE-FBI-CIA-AND-NSA: HI! HOW YA DOIN? MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 28 Nov 2001, Brett Glass wrote: > If so, you can probably patch the hole temporarily by disabling > version 1 of the protocol. You can then upgrade to eliminate the hole. > 3.0.1p1 is said to be immune. It's what I've run ever since I first heard > about the vulnerability. the former isn't really a good option since most people use ssh1 clients, and wouldn't have access to their machines. how long have you known of it? frankly, this is the first i've heard about it, let alone the exploit binary. -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan@caustic.org "John Ashcroft is really just the reanimated corpse of J. Edgar Hoover." -- Tim Triche To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message