From owner-freebsd-questions@FreeBSD.ORG Mon May 24 14:02:05 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A637516A4CF for ; Mon, 24 May 2004 14:02:05 -0700 (PDT) Received: from lorax.ldc.upenn.edu (lorax.ldc.upenn.edu [158.130.16.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id 74EB443D2F for ; Mon, 24 May 2004 14:02:05 -0700 (PDT) (envelope-from fuzz@ldc.upenn.edu) Received: by lorax.ldc.upenn.edu (Postfix, from userid 32822) id CC1462287A; Mon, 24 May 2004 17:01:29 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by lorax.ldc.upenn.edu (Postfix) with ESMTP id C3F9D22820; Mon, 24 May 2004 17:01:29 -0400 (EDT) Date: Mon, 24 May 2004 17:01:29 -0400 (EDT) From: "Jason M. Leonard" To: JJB In-Reply-To: Message-ID: <20040524165011.M91083@lorax.ldc.upenn.edu> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: Thomas May cc: freebsd-questions@FreeBSD.org Subject: RE: freebsd 5.2.1 openssh hole X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 May 2004 21:02:05 -0000 On Mon, 24 May 2004, JJB wrote: > Send email to FBSD OpenSSH port maintainer and tell then the port is > out of date. But only do so if you want to look like a complete moron. (from a box with a recent ports tree) dogfish# ssh -V OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004 OpenSSH 3.8.1p1 is the latest version available from OpenSSH. The ports tree included with a -RELEASE is the ports tree for that release. It isn't going to be changed. If you want ports more recent than the release date, update your ports collection. :Fuzz > > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Thomas May > Sent: Monday, May 24, 2004 3:23 PM > To: freebsd-questions@FreeBSD.org > Subject: freebsd 5.2.1 openssh hole > > Hi, > > > > i have installed the new version 5.2.1 and the ports collection from > yesterday. i have checked the server > > with nessus and I got a security hole warning. > > > > You are running a version of OpenSSH which is older than 3.7.1 > > > > Versions older than 3.7.1 are vulnerable to a flaw in the buffer > management > > functions which might allow an attacker to execute arbitrary > commands on > this > > host. > > > > What can I do ? I have installed openssl from the ports tree, but I > got the > same error. > > > > > > > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.689 / Virus Database: 450 - Release Date: 21.05.2004 > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >