From owner-freebsd-security Wed Jun 26 9: 8:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from anchor-post-30.mail.demon.net (anchor-post-30.mail.demon.net [194.217.242.88]) by hub.freebsd.org (Postfix) with ESMTP id F010D37B401 for ; Wed, 26 Jun 2002 09:08:22 -0700 (PDT) Received: from caomhin.demon.co.uk ([62.49.21.186]) by anchor-post-30.mail.demon.net with esmtp (Exim 3.35 #1) id 17NFLB-000JKD-0U; Wed, 26 Jun 2002 17:08:22 +0100 Message-ID: Date: Wed, 26 Jun 2002 17:07:55 +0100 To: "H. Wade Minter" Cc: freebsd-security@freebsd.org From: Kevin Golding Subject: Re: Much ado about nothing. References: <20020626072326.A4270@mail.seattleFenix.net> <20020626113517.N3133-100000@bunning.skiltech.com> In-Reply-To: <20020626113517.N3133-100000@bunning.skiltech.com> MIME-Version: 1.0 X-Mailer: Turnpike Integrated Version 5.01 U Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Someone, quite probably H. Wade Minter, once wrote: >On Wed, 26 Jun 2002, Benjamin Krueger wrote: > >> >> http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584 > > >Lemme see if I have this right. > >We were all whipped into a "Must Upgrade NOW!!!!" frenzy over this OpenSSH >hole. It was so severe that it had to be kept in utmost secrecy, and the >S.O.P. seemed to be "If you can't or won't upgrade, then turn off SSH,"... > >...and the solution is to disable S/KEY??? That's it? Not even that :-) Jacques has confirmed that the 2.9 which most people are (were?) running wasn't even vulnerable anyway. Kevin -- kevin@caomhin.demon.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message