Date: Mon, 24 Jun 2002 18:18:33 -0400 (EDT) From: Matt Piechota <piechota@argolis.org> To: Jason DiCioccio <geniusj+categories.replies@bluenugget.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: [openssh-unix-announce] Re: Upcoming OpenSSH vulnerability (fwd) Message-ID: <20020624181545.C550-100000@cithaeron.argolis.org> In-Reply-To: <2147483647.1024930479@[192.168.4.154]>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 24 Jun 2002, Jason DiCioccio wrote: > > OpenBSD and NetBSD users should also update to OpenSSH 3.3 right away. > > On OpenBSD privsep works flawlessly, and I have reports that is also > > true on NetBSD. All other systems appear to have minor or major > > weaknesses when this code is running. > > I know theo did not mention FreeBSD, but does anyone know for sure if > FreeBSD is one of the platforms with major/minor weaknesses in the privsep > code? And if it is major, or minor? ;-) And better yet, is this a 3.x bug, or does it affect 2.whatever that is in the base 4.x-STABLE? Hopefully someone that is 'in' on the bug can give us a hint without giving away too much before the patch, at least so we can prepare to patch and rebuild. Does this reset OpenBSD's 4-years without a root hole? :) -- Matt Piechota To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020624181545.C550-100000>