Re: openssh in 4.9

From: Kris Kennaway (kris_at_obsecurity.org)
Date: 10/31/03

    Date: Fri, 31 Oct 2003 01:47:30 -0800
    To: Wayne Pascoe <freebsd-questions@penguinpowered.org>
    
    
    

    On Fri, Oct 31, 2003 at 08:55:15AM +0000, Wayne Pascoe wrote:
    > On Thu, Oct 30, 2003 at 10:22:06AM -0800, Kris Kennaway wrote:
    > > Please read the security advisory.
    >
    > I've read the advisory. It states a couple of workarounds (which I
    > enabled at the time anyway) and also states that the problem is
    > rectified in -STABLE beyond a certain date.
    >
    > However, looking at the openssh advisories, the only fix is to be
    > running a version 3.7.1p1 or later. So I'm confused. Have the FreeBSD
    > team backported these fixes into 3.5.1?

    Yes, that's why the FreeBSD advisory says the problem was rectified in
    -STABLE beyond a certain date ;-)

    > One of my problems is that some of my clients occasionally have 3rd
    > parties perform penetration testing on our servers. I need an
    > explanation for when the 3rd party comes back and says that I am running
    > a vulnerable ssh.

    Compare the version string to an unpatched openssh version...they are
    not the same.

    Kris
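
An added example, not part of the original message or of FreeBSD's tooling: one way to do the comparison suggested above, by parsing the SSH identification string (RFC 4253 format) and separating a vendor-tagged build from a stock upstream one. The sample banners and the `FreeBSD-PLACEHOLDER` tag are constructed; the assumption is that the patched build carries a vendor tag in the banner's comments field.

```python
import re

# RFC 4253 section 4.2 identification string:
#   SSH-protoversion-softwareversion SP comments
BANNER_RE = re.compile(r"^SSH-([^-\s]+)-(\S+)(?: (.*))?$")
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+(?:\.\d+)*)(?:p(\d+))?")

def parse_banner(line):
    """Split a banner into (protocol, software, comments)."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.group(1), m.group(2), m.group(3) or ""

def openssh_version(software):
    """'OpenSSH_3.7.1p1' -> (3, 7, 1); None for other software."""
    m = OPENSSH_RE.match(software)
    if m is None:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # portable 'pN' suffix is ignored

def classify(line, fixed_in, patched_tags):
    """Say what the banner alone supports about a 'vulnerable ssh' finding."""
    _, software, comments = parse_banner(line)
    version = openssh_version(software)
    if version is None:
        return "not-openssh"
    if version >= fixed_in:
        return "fixed-upstream"
    if comments in patched_tags:
        return "vendor-backport"          # old base version, vendor-patched build
    if comments:
        return "vendor-build-unverified"  # vendor tag not on the known-patched list
    return "matches-unpatched-upstream"

FIXED_IN = (3, 7, 1)  # from the thread: the upstream fix is 3.7.1p1 or later
# Placeholder (assumption): take the real tag from a host built after the advisory's date.
PATCHED_TAGS = {"FreeBSD-PLACEHOLDER"}
SAMPLES = [  # constructed banners
    "SSH-2.0-OpenSSH_3.7.1p1",
    "SSH-1.99-OpenSSH_3.5p1 FreeBSD-PLACEHOLDER",
    "SSH-1.99-OpenSSH_3.5p1",
    "SSH-1.99-OpenSSH_3.5p1 OtherVendor-PLACEHOLDER",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("%-28s %s" % (classify(s, FIXED_IN, PATCHED_TAGS), s))
```

The banner is only a hint that a scanner's version match may be a false positive; the evidence to hand a tester is the advisory's corrected date checked against when the system was built.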

    
    


