Date: Fri, 16 Mar 2001 14:44:17 +0200
From: Peter Pentchev <roam@orbitel.bg>
To: Shoichi Sakane <sakane@ydc.co.jp>
Cc: kris@obsecurity.org, freebsd-security@FreeBSD.ORG
Subject: Re: What's vunerable?
Message-ID: <20010316144417.A22302@ringworld.oblivion.bg>
In-Reply-To: <20010316192556Q.sakane@ydc.co.jp>; from sakane@ydc.co.jp on Fri, Mar 16, 2001 at 07:25:56PM +0900
References: <20010316014004.A86953@mollari.cthul.hu> <20010316192556Q.sakane@ydc.co.jp>
On Fri, Mar 16, 2001 at 07:25:56PM +0900, Shoichi Sakane wrote:
> > > What I really need to know is what vulnerabilities exist on each box -
> > > so that I can present the boss with a risk assessment, and make him
> > > decide if the box stays as is, or gets a make world.
>
> > Read the advisories.
>
> why don't the maintainer of the ports of openssh make upgrade its version ?
> current version of the ports is openssh 2.2.0 which has some vulnerability.

The version of OpenSSH in the ports tree is not plain 2.2.0, but 2.2.0
'port revision' 2. The 'port revision' was bumped twice to indicate
important security fixes. The 'some vulnerability' you are referring to
is probably the Bleichenbacher attack, which affected nearly all SSH
servers at the time; a fix was promptly added to the FreeBSD port.

G'luck,
Peter

--
If I had finished this sentence,

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
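The point about 'port revision' in the message above, as an added example (not part of the original message and not FreeBSD's own tooling): an audit that compares only the upstream version cannot tell a patched port from an unpatched one. The "fixed in" threshold and the installed-package list are constructed sample values, and the upstream ordering is a simplification of what pkg_version does.

```python
import re

# FreeBSD package name layout: <name>-<upstream>[_<PORTREVISION>][,<PORTEPOCH>]
_PKG = re.compile(
    r"^(?P<name>.+)-(?P<upstream>[^-_,]+)(?:_(?P<rev>\d+))?(?:,(?P<epoch>\d+))?$"
)

def parse_pkg(pkgname):
    """Split a package name into (name, upstream, port_revision, port_epoch)."""
    m = _PKG.match(pkgname)
    if m is None:
        raise ValueError("not a package name: %r" % pkgname)
    return (m.group("name"), m.group("upstream"),
            int(m.group("rev") or 0), int(m.group("epoch") or 0))

def _upstream_key(upstream):
    # Simplified ordering (assumption): digit runs compare as integers and
    # letter runs as strings. This is not the full pkg_version algorithm.
    return tuple((1, int(t)) if t.isdigit() else (0, t)
                 for t in re.findall(r"\d+|[A-Za-z]+", upstream))

def sort_key(pkgname):
    """Ordering key: epoch first, then upstream version, then port revision."""
    _, upstream, rev, epoch = parse_pkg(pkgname)
    return (epoch, _upstream_key(upstream), rev)

def audit(installed, fixed_in):
    """Return 'fixed' if installed is at or past fixed_in, else 'vulnerable'."""
    if parse_pkg(installed)[0] != parse_pkg(fixed_in)[0]:
        raise ValueError("cannot compare different packages")
    return "fixed" if sort_key(installed) >= sort_key(fixed_in) else "vulnerable"

# Constructed sample data: the threshold is a placeholder, not a value taken
# from a real advisory; read the actual advisory for the corrected revision.
FIXED_IN = "openssh-2.2.0_2"
INSTALLED = ["openssh-2.2.0", "openssh-2.2.0_1", "openssh-2.2.0_2"]

def report():
    """Map each sample installed package to its audit status."""
    return {pkg: audit(pkg, FIXED_IN) for pkg in INSTALLED}

if __name__ == "__main__":
    for pkg, status in report().items():
        # The upstream column is identical on every row; only the
        # port revision separates the patched build from the others.
        print(pkg, parse_pkg(pkg)[1], status)
```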