From owner-freebsd-bugs Tue Feb 5 10:10: 6 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 3024737B420 for ; Tue, 5 Feb 2002 10:10:02 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g15IA2O61772; Tue, 5 Feb 2002 10:10:02 -0800 (PST) (envelope-from gnats) Date: Tue, 5 Feb 2002 10:10:02 -0800 (PST) Message-Id: <200202051810.g15IA2O61772@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: "Jin Guojun[ITG]" Subject: Re: bin/34502: ssh can crash the 4.5 system Reply-To: "Jin Guojun[ITG]" Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR bin/34502; it has been noted by GNATS. From: "Jin Guojun[ITG]" To: freebsd-gnats-submit@FreeBSD.org Cc: Subject: Re: bin/34502: ssh can crash the 4.5 system Date: Tue, 05 Feb 2002 10:02:17 -0800 > Problem 1: > ssh localhost > cause system panic. A local user can use it to crash all 4.5 systems. This has been identified as an installation problem which is related to some /dev/md0 error. The installations without /dev/md0 error do not produce such problem. This portion can be closed. > Problem 2: > does not work for protocol 2. After rename authorized_keys to > x.authorized_keys (i.e., disable protocol 1), then ssh will ask > password instead of passphase. This problem exist in all OpenSSH 2.x release. It has been fixed after OpenSSH 3.0.1. Since FreeBSD security Advisory -- FreeBSD-SA-01:63.openssh -- sent out on 2001-12-07, said that there is a problem prior to 3.0.2 release, so, the solution is to update ssh to OpenSSH 3.1.0 or the later release. How soon can we get SSH updated to release 3.1.0 or better? Thanks, -Jin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message