Date: Tue, 5 Feb 2002 10:10:02 -0800 (PST) From: "Jin Guojun[ITG]" <j_guojun@lbl.gov> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/34502: ssh can crash the 4.5 system Message-ID: <200202051810.g15IA2O61772@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/34502; it has been noted by GNATS. From: "Jin Guojun[ITG]" <j_guojun@lbl.gov> To: freebsd-gnats-submit@FreeBSD.org Cc: Subject: Re: bin/34502: ssh can crash the 4.5 system Date: Tue, 05 Feb 2002 10:02:17 -0800 > Problem 1: > ssh localhost > cause system panic. A local user can use it to crash all 4.5 systems. This has been identified as an installation problem which is related to some /dev/md0 error. The installations without /dev/md0 error do not produce such problem. This portion can be closed. > Problem 2: > does not work for protocol 2. After rename authorized_keys to > x.authorized_keys (i.e., disable protocol 1), then ssh will ask > password instead of passphase. This problem exist in all OpenSSH 2.x release. It has been fixed after OpenSSH 3.0.1. Since FreeBSD security Advisory -- FreeBSD-SA-01:63.openssh -- sent out on 2001-12-07, said that there is a problem prior to 3.0.2 release, so, the solution is to update ssh to OpenSSH 3.1.0 or the later release. How soon can we get SSH updated to release 3.1.0 or better? Thanks, -Jin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202051810.g15IA2O61772>