Re: What's vulnerable?

From: Peter Pentchev (roam@orbitel.bg)
Date: 03/16/01


Date: Fri, 16 Mar 2001 14:44:17 +0200
From: Peter Pentchev <roam@orbitel.bg>
To: Shoichi Sakane <sakane@ydc.co.jp>

On Fri, Mar 16, 2001 at 07:25:56PM +0900, Shoichi Sakane wrote:
> > > What I really need to know is what vulnerabilities exist on each box -
> > > so that I can present the boss with a risk assessment, and make him
> > > decide if the box stays as is, or gets a make world.
>
> > Read the advisories.
>
> Why doesn't the maintainer of the ports of openssh upgrade its version?
> The current version of the ports is openssh 2.2.0, which has some vulnerability.

The version of OpenSSH in the ports tree is not plain 2.2.0, but 2.2.0
'port revision' 2. The 'port revision' was bumped twice to indicate
important security fixes. The 'some vulnerability' you are referring to
is probably the Bleichenbacher attack, which affected nearly all SSH
servers at the time; a fix was promptly added to the FreeBSD port.

G'luck,
Peter

-- 
If I had finished this sentence,