From owner-freebsd-security Wed Dec 5 11:47:18 2001 Delivered-To: freebsd-security@freebsd.org Received: from switchblade.cyberpunkz.org (switchblade.cyberpunkz.org [198.174.169.125]) by hub.freebsd.org (Postfix) with ESMTP id B65D837B41B; Wed, 5 Dec 2001 11:47:14 -0800 (PST) Received: from switchblade.cyberpunkz.org (rob@localhost.cyberpunkz.org [127.0.0.1]) by switchblade.cyberpunkz.org (8.12.1/CpA-TLS-1.2.12-1) with ESMTP id fB5Jl9gI071743 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Wed, 5 Dec 2001 13:47:10 -0600 (CST)?g (envelope-from rob@switchblade.cyberpunkz.org)œ Posted-Date: Wed, 5 Dec 2001 13:47:10 -0600 (CST) Abuse-Contact: abuse@cyberpunkz.org Received: (from rob@localhost) by switchblade.cyberpunkz.org (8.12.1/8.12.1/Submit) id fB5Jl9Ct071742; Wed, 5 Dec 2001 13:47:09 -0600 (CST)?g (envelope-from rob) Date: Wed, 5 Dec 2001 13:47:09 -0600 From: Rob Andrews To: "David W. Chapman Jr." Cc: FreeBSD Security Advisories , security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:63.openssh Message-ID: <20011205134709.A71719@switchblade.cyberpunkz.org> References: <200112041726.fB4HQbA05231@freefall.freebsd.org> <20011205194053.GB78905@leviathan.inethouston.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="CE+1k2dSO48ffgeK" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011205194053.GB78905@leviathan.inethouston.net>; from dwcjr@inethouston.net on Wed, Dec 05, 2001 at 01:40:53PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Dec 05, 2001 at 01:40:53PM -0600, David W. Chapman Jr. wrote: > Does this also apply to the openssh-portable port? > > In addition, there are two versions of OpenSSH included in the > > ports collection. One is ports/security/openssh, which is the > > BSD-specific version of OpenSSH. Versions of this port prior to > > openssh-3.0.2 exhibit the problem described above. The other is > > ports/security/openssh-portable, which is not vulnerable, even if the > > server is set to `UseLogin yes'. The answer to your question was right here in the advisory.. Rob Andrews Admin | Owner http://cyberpunkz.org/ rob@cyberpunkz.org --CE+1k2dSO48ffgeK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8Dnm9AXwJ9YLqJJURAgYHAJ4rUXR5Km0GBVACZW5VjULhy0k9qQCbBeMi TKVEjuRgU09xzIEOFnvePH4= =+2AZ -----END PGP SIGNATURE----- --CE+1k2dSO48ffgeK-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message