Date: Sat, 11 Nov 2000 20:11:03 -0600 (CST) From: Alex Charalabidis <alex@wnm.net> To: John F Cuzzola <vdrifter@ocis.ocis.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: SSH Message-ID: <Pine.BSF.4.21.0011112005030.66947-100000@earth.wnm.net> In-Reply-To: <20001111160742.A52887@citusc17.usc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 11 Nov 2000, Kris Kennaway wrote: > On Sat, Nov 11, 2000 at 05:45:55PM -0600, Mike Silbersack wrote: > > > > On Sat, 11 Nov 2000, Kris Kennaway wrote: > > > > > It's OpenSSH 2.2.0 in the base system. SSH 1.2.27 doesn't have any > > > known security issues except for the endemic weaknesses in the > > > protocol. Either SSH 2.x or OpenSSH talk the SSH2 protocols. > > > > > > Kris > > > > Er, old 1.2.27 with old rsaref is root-exploitable. > > Wasn't that 1.2.26? Anyway, I meant the FreeBSD port, which is fixed. > I'm pretty sure the 1.2.27 port is patched even if the actual ssh release isn't (though I remember something being said about 1.2.27 and rsaref, maybe it was the UseLogin bug). Anyway, you can always get 1.2.30 and install it manually if, for some reason, you don't like the idea of OpenSSH. Or pay for ssh 2.0.x. -ac -- ============================================================== Alex Charalabidis (AC8139) 5050 Poplar Ave, Ste 170 System Administrator Memphis, TN 38157 WebNet Memphis (901) 432 6000 Author, The Book of IRC http://www.bookofirc.com/ ============================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0011112005030.66947-100000>