From owner-freebsd-questions@FreeBSD.ORG Mon May 24 13:46:00 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED4A516A4CE for ; Mon, 24 May 2004 13:45:59 -0700 (PDT) Received: from mta9.adelphia.net (mta9.adelphia.net [68.168.78.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 70CBE43D1F for ; Mon, 24 May 2004 13:45:59 -0700 (PDT) (envelope-from Barbish3@adelphia.net) Received: from barbish ([67.20.101.71]) by mta9.adelphia.net (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with SMTP id <20040524204558.JKW26615.mta9.adelphia.net@barbish>; Mon, 24 May 2004 16:45:58 -0400 From: "JJB" To: "Thomas May" , Date: Mon, 24 May 2004 16:45:58 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <20040524192344.E6DFE43D2D@mx1.FreeBSD.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Importance: Normal Subject: RE: freebsd 5.2.1 openssh hole X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Barbish3@adelphia.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 May 2004 20:46:00 -0000 Send email to FBSD OpenSSH port maintainer and tell then the port is out of date. -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Thomas May Sent: Monday, May 24, 2004 3:23 PM To: freebsd-questions@FreeBSD.org Subject: freebsd 5.2.1 openssh hole Hi, i have installed the new version 5.2.1 and the ports collection from yesterday. i have checked the server with nessus and I got a security hole warning. You are running a version of OpenSSH which is older than 3.7.1 Versions older than 3.7.1 are vulnerable to a flaw in the buffer management functions which might allow an attacker to execute arbitrary commands on this host. What can I do ? I have installed openssl from the ports tree, but I got the same error. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.689 / Virus Database: 450 - Release Date: 21.05.2004 _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"