Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 16 Mar 2001 12:23:26 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Shoichi Sakane <sakane@ydc.co.jp>, kris@obsecurity.org, freebsd-security@FreeBSD.ORG
Subject:   Re: What's vunerable?
Message-ID:  <20010316122326.A98524@mollari.cthul.hu>
In-Reply-To: <20010316144417.A22302@ringworld.oblivion.bg>; from roam@orbitel.bg on Fri, Mar 16, 2001 at 02:44:17PM %2B0200
References:  <20010316014004.A86953@mollari.cthul.hu> <20010316192556Q.sakane@ydc.co.jp> <20010316144417.A22302@ringworld.oblivion.bg>
next in thread | previous in thread | raw e-mail | index | archive | help 

--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Mar 16, 2001 at 02:44:17PM +0200, Peter Pentchev wrote:
> On Fri, Mar 16, 2001 at 07:25:56PM +0900, Shoichi Sakane wrote:
> > > > What I really need to know is what vulnerabilities exist on each bo=
x -
> > > > so that I can present the boss with a risk assessment, and make him
> > > > decide if the box stays as is, or gets a make world.
> >=20
> > > Read the advisories.
> >=20
> > why don't the maintener of the ports of openssh make upgrade its versio=
n ?
> > current version of the ports is openssh 2.2.0 which has some vulnerabil=
ity.
>=20
> The version of OpenSSH in the ports tree is not plain 2.2.0, but 2.2.0
> 'port revision' 2.  The 'port revision' was bumped twice to indicate
> important security fixes.  The 'some vulnerability' you are referring to
> is probably the Bleichenbacher attack, which affected nearly all SSH
> servers at the time; a fix was prompty added to the FreeBSD port.

The above is correct, as is noted in the relevant FreeBSD advisory on OpenS=
SH :-)

Kris

--HcAYCG3uE/tztfnV
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6snY+Wry0BWjoQKURAkyZAJ9MoG4EY5PHgC0/UUdseqHgUG9IuQCfXC+l
qaJTMVjqbYkLF+LvqwvK5y0=
=KDt7
-----END PGP SIGNATURE-----

--HcAYCG3uE/tztfnV--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010316122326.A98524>