Date: Sun, 18 Nov 2001 21:13:28 +0100 From: "G.P. de Boer" <g.p.de.boer@st.hanze.nl> To: Brett Glass <brett@lariat.org>, security@freebsd.org Subject: Re: Patching 4.4-RELEASE against SSHv1 exploit Message-ID: <5.1.0.14.0.20011118211207.01fd4df8@thedarkside.nl> In-Reply-To: <4.3.2.7.2.20011118124921.041ea050@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
At 20:56 18-11-2001, Brett Glass wrote: >In a recent message to Bugtraq (quoted below), Dave Dittrich notes that an >SSH exploit has been specifically tuned to attack machines running FreeBSD >4.x and certain versions of SSH. The hole apparently dates back to the >liberally licensed versions of SSH, and so is present in both OpenSSH and >SSH, Inc.'s SSH. Is 4.4-RELEASE vulnerable in the default install if sshd >is enabled? If so, is there a patch? 4.4-RELEASE base has OpenSSH-2.3.0, which isn't vulnerable to this attack. GP. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.0.20011118211207.01fd4df8>