From: Brett Glass
Date: Wed, 26 Jun 2002 12:51:15 -0600
To: Jan Lentfer, FreeBSD Security Mailing List
Cc: markus@openssh.com
Subject: Re: OpenSSH Security (just a question, please no f-war)
Message-Id: <4.3.2.7.2.20020626124251.02213460@localhost>
In-Reply-To: <1025116241.2817.2.camel@jan-linux.lan>

At 12:30 PM 6/26/2002, Jan Lentfer wrote:

>I am now running 3.3p1 on all my boxes (FreeBSD & Linux) with Privilege
>Separation enabled. Is this configuration secure for now or not?

It's not clear. The OpenSSH team claims that when they fixed the bug
discovered by ISS they also fixed other vulnerabilities which ISS did
NOT discover. If any of these are in 3.3p1, we may be vulnerable.

Markus would, of course, be the authority on this issue; maybe he'd
care to comment?

--Brett