Date: Sun, 18 Nov 2001 12:40:55 -0800 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Brett Glass <brett@lariat.org> Cc: security@FreeBSD.ORG Subject: Re: Patching 4.4-RELEASE against SSHv1 exploit Message-ID: <200111182041.fAIKfGE03587@cwsys.cwsent.com> In-Reply-To: Your message of "Sun, 18 Nov 2001 12:56:07 MST." <4.3.2.7.2.20011118124921.041ea050@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <4.3.2.7.2.20011118124921.041ea050@localhost>, Brett Glass writes: > In a recent message to Bugtraq (quoted below), Dave Dittrich notes that > an SSH exploit has been specifically tuned to attack machines running > FreeBSD 4.x and certain versions of SSH. The hole apparently dates back > to the liberally licensed versions of SSH, and so is present in both > OpenSSH and SSH, Inc.'s SSH. Is 4.4-RELEASE vulnerable in the default > install if sshd is enabled? If so, is there a patch? This should answer your question: http://www.securityfocus.com/archive/82/222981 Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD Ministry of Management Services Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200111182041.fAIKfGE03587>