From owner-freebsd-security Tue Jun 25 16:37:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [63.229.157.2]) by hub.freebsd.org (Postfix) with ESMTP id 5DA7A37B400 for ; Tue, 25 Jun 2002 16:37:53 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id RAA02292; Tue, 25 Jun 2002 17:37:40 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20020625173402.00b4af00@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Tue, 25 Jun 2002 17:37:31 -0600 To: Mike Silbersack , Brian Nelson From: Brett Glass Subject: Re: ENOUGH!!! Re: [openssh-unix-announce] Re: Upcoming OpenSSH vu lner ability (fwd) Cc: Niels Provos , FreeBSD Security In-Reply-To: <20020625164241.J59112-100000@patrocles.silby.com> References: <3D18B2D9.6030203@notgod.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Geeze.... Just when someone finally says something nice about me on this list.... ;-) Seriously, though, I'm just being practical. BTW, I've finally managed to build a working binary package that will replace the \ built-in OpenSSH in place on 4.4, 4.5, and 4.5-RELEASE. You may have to change /etc/ssh/sshd_config by hand afterward, but then you'll get privilege separation. Anyone who would like a download or would like to post it, just e-mail. --Brett At 03:43 PM 6/25/2002, Mike Silbersack wrote: >On Tue, 25 Jun 2002, Brian Nelson wrote: > >> So far, against all odds, Brett Glass has had the most stable, >> unemotional, and responsible response to this whole issue... everyone >> else likes to yell at you when you don't trust whatever they say because >> they are "big head figures" or suffering from "Young Geek Ego(tm)". > >This just proves that there is an exploit in the wild, and that someone >has hacked Brett's box and is impersonating him. :) > >Mike "Silby" Silbersack > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message