From owner-freebsd-questions  Thu Nov 12 20:59:50 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA21599
          for freebsd-questions-outgoing; Thu, 12 Nov 1998 20:59:50 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from gamefish.pcola.gulf.net (gamefish.pcola.gulf.net [198.69.72.22])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA21593
          for <freebsd-questions@FreeBSD.ORG>; Thu, 12 Nov 1998 20:59:47 -0800 (PST)
          (envelope-from psalzman@gamefish.pcola.gulf.net)
Received: from localhost (psalzman@localhost)
	by gamefish.pcola.gulf.net (8.9.1/8.9.1) with ESMTP id EAA07840;
	Fri, 13 Nov 1998 04:59:23 GMT
	(envelope-from psalzman@gamefish.pcola.gulf.net)
Date: Fri, 13 Nov 1998 04:59:23 +0000 (GMT)
From: Phillip Salzman <psalzman@gamefish.pcola.gulf.net>
To: Willow <willow@tds.edu>
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ssh/sshd questions
In-Reply-To: <Pine.BSF.4.05.9811122342520.5195-100000@zeus.tds.edu>
Message-ID: <Pine.BSF.4.05.9811130457060.7818-100000@gamefish.pcola.gulf.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


> I just installed ssh/sshd from 2.2.7 ports, and seem to rememeber a
> security announcement regarding it.  Does anyone remember such an
> announcement?  
> 
	www.rootshell.com was hacked, they say the hacker used ssh
to get in.  its possible to cause a buffer overflow in ssh, but no code
exists that will do it.  my guess with the ssh thing is someone did:
	ssh -l root www.rootshell.com
	root@www.rootshell.com's password: <bingo>

and had a good 'ol time.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message