Date: Sun, 31 Mar 2002 22:18:42 +0200
From: "Rick Hoppe" <mailing@rickhoppe.nl>
To: "Jesper Wallin" <z3l3zt@phucking.kicks-ass.org>
Cc: <security@FreeBSD.ORG>
Subject: RE: Why update the world because of OpenSSH?
Message-ID: <MLECKHBMGODPBDHNOIAAAEFEDBAA.mailing@rickhoppe.nl>
In-Reply-To: <4487.213.112.58.135.1017583220.squirrel@phucking.kicks-ass.org>
Jesper Wallin wrote:
> Once again I make myself look like a fool..
>
> I'm quite new to both mailing lists and FreeBSD so I'm not sure IF I should
> post this or where I should post it.. sorry for pissing you off..
>
> Well, some months ago I saw the warnings about the root exploit for
> OpenSSH here. What I never understood was, why should I update my world
> because of an OpenSSH exploit? Isn't it enough to just cvsup the ports and
> re-install OpenSSH from the ports?
>
>
> //Jesper aka Z3l3zT
>

Please take your time to read and understand the FreeBSD Security Advisories.
Your answer is already in the security advisory itself.

Part of FreeBSD Security Advisory FreeBSD-SA-02:13.openssh :

<QUOTE>
V. Solution

Do one of the following:

[For OpenSSH included in the base system]

1) Upgrade the vulnerable system to 4.4-RELEASEp9, 4.5-RELEASEp2, or
4.5-STABLE after the correction date and rebuild.

2) FreeBSD 4.x systems prior to the correction date:

The following patch has been verified to apply to FreeBSD 4.4-RELEASE,
4.5-RELEASE, and 4.5-STABLE dated prior to the correction date. It may
or may not apply to older, unsupported versions of FreeBSD.

Download the patch and the detached PGP signature from the following
locations, and verify the signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch.asc

Execute the following commands as root:

# cd /usr/src
# patch < /path/to/sshd.patch
# cd /usr/src/secure/lib/libssh
# make depend && make all
# cd /usr/src/secure/usr.sbin/sshd
# make depend && make all install
# cd /usr/src/secure/usr.bin/ssh
# make depend && make all install
</QUOTE>

This advisory has two solutions for systems with OpenSSH in the base system.
It seems the second solution is the best for you.

Please note that when you have already installed the OpenSSH port, the base
OpenSSH is still there. So your users may be able to use that one with the
security problem instead of the OpenSSH you installed with the port.

So you may choose to install the newest OpenSSH port that also is fixed, but
don't forget the OpenSSH in the base system. Please use solution 2.

Regards,

Rick Hoppe
Network- and Systemspecialist
Xtraxion Internet

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
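
The point made in the reply above, that the base-system OpenSSH stays installed next to the port, can be checked by listing every copy on the machine. The shell sketch below is an added example, not part of the original message or the advisory; the function names are hypothetical, and the directory list assumes the usual FreeBSD layout (base system in /usr/bin and /usr/sbin, ports under /usr/local).

```shell
#!/bin/sh
# Added example: list every installed copy of the OpenSSH client and daemon.
# Assumed layout: base system in /usr/bin and /usr/sbin, ports in /usr/local.

# find_copies NAME DIR...: print the path of each executable NAME that exists.
find_copies() {
    name=$1; shift
    for dir in "$@"; do
        [ -x "$dir/$name" ] && printf '%s\n' "$dir/$name"
    done
    return 0
}

# client_banner PATH: version banner of an ssh client ("ssh -V" writes to stderr).
client_banner() {
    "$1" -V 2>&1 | head -n 1
}

# audit_ssh DIR...: one "path<TAB>banner" line per ssh client and one
# "path<TAB>(daemon ...)" line per sshd, so a leftover copy is visible.
audit_ssh() {
    find_copies ssh "$@" | while read -r bin; do
        printf '%s\t%s\n' "$bin" "$(client_banner "$bin")"
    done
    find_copies sshd "$@" | while read -r bin; do
        printf '%s\t(daemon, confirm it was rebuilt or replaced)\n' "$bin"
    done
}

# mixed_versions DIR...: exit 0 when the ssh clients found do not all report
# the same banner, which suggests an unpatched copy is still installed.
mixed_versions() {
    n=$(find_copies ssh "$@" |
        while read -r bin; do client_banner "$bin"; done |
        sort -u | wc -l | tr -d ' ')
    [ "$n" -gt 1 ]
}

audit_ssh /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin
```

A client banner that differs between /usr/bin/ssh and /usr/local/bin/ssh means two builds are present; which one a user runs depends on the order of directories in their PATH.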