From owner-freebsd-security@FreeBSD.ORG  Fri Sep 29 03:45:03 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3EF7516A403
	for <freebsd-security@freebsd.org>;
	Fri, 29 Sep 2006 03:45:03 +0000 (UTC)
	(envelope-from cperciva@freebsd.org)
Received: from pd5mo1so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net
	[24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id C641C43D45
	for <freebsd-security@freebsd.org>;
	Fri, 29 Sep 2006 03:45:02 +0000 (GMT)
	(envelope-from cperciva@freebsd.org)
Received: from pd4mr4so.prod.shaw.ca
	(pd4mr4so-qfe3.prod.shaw.ca [10.0.141.215]) by l-daemon
	(Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004))
	with ESMTP id <0J6C00E9R51SYW20@l-daemon> for
	freebsd-security@freebsd.org; Thu, 28 Sep 2006 21:44:16 -0600 (MDT)
Received: from pn2ml4so.prod.shaw.ca ([10.0.121.148])
	by pd4mr4so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01
	(built Mar
	15 2004)) with ESMTP id <0J6C009U951SRO90@pd4mr4so.prod.shaw.ca> for
	freebsd-security@freebsd.org; Thu, 28 Sep 2006 21:44:16 -0600 (MDT)
Received: from hexahedron.daemonology.net ([24.82.18.31])
	by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15
	2004)) with SMTP id <0J6C0082F51SFGE0@l-daemon> for
	freebsd-security@freebsd.org; Thu, 28 Sep 2006 21:44:16 -0600 (MDT)
Received: (qmail 96144 invoked from network); Fri, 29 Sep 2006 03:44:15 +0000
Received: from unknown (HELO ?127.0.0.1?) (127.0.0.1)
	by localhost with SMTP; Fri, 29 Sep 2006 03:44:15 +0000
Date: Thu, 28 Sep 2006 20:44:15 -0700
From: Colin Percival <cperciva@freebsd.org>
In-reply-to: <7.0.1.0.0.20060928190249.17650ab8@sentex.net>
To: Mike Tancsa <mike@sentex.net>
Message-id: <451C968F.6060204@freebsd.org>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 7bit
X-Enigmail-Version: 0.94.0.0
References: <7.0.1.0.0.20060928190249.17650ab8@sentex.net>
User-Agent: Thunderbird 1.5 (X11/20060416)
Cc: freebsd-security@freebsd.org
Subject: Re: OpenSSH DoS issue ?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Sep 2006 03:45:03 -0000

Mike Tancsa wrote:
> Is the version in FreeBSD vulnerable ?
> 
> http://www.openssh.com/txt/release-4.4
> 
> I know version 1 is disabled by default, but if its not, does it impact
> the daemon ?

Yes.  This will be addressed in FreeBSD-SA-06:22.openssh (originally planned
for today, but delayed because of some last-minute problems.)

Colin Percival