Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh

From: Ian Smith <smithi@xxxxxxxxxxxxx>
Date: Thu, 17 Apr 2008 16:07:56 +1000 (EST)

On Thu, 17 Apr 2008, FreeBSD Security Advisories wrote:

IV. Workaround

Disable support for IPv6 in the sshd(8) daemon by setting the option
"AddressFamily inet" in /etc/ssh/sshd_config.

Disable support for X11 forwarding in the sshd(8) daemon by setting
the option "X11Forwarding no" in /etc/ssh/sshd_config.

It's not quite clear from this whether both workarounds are required, or
just either one, until upgrading?

cheers, Ian

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Follow-Ups:
- Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
  - From: mouss

References:
- FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
  - From: FreeBSD Security Advisories

Prev by Date: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
Next by Date: Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
Previous by thread: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
Next by thread: Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
Index(es):
- Date
- Thread

Relevant Pages

Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
... On Thu, 17 Apr 2008, Peter Pentchev wrote: ... > IV. Workaround ... > Disable support for IPv6 in the sshddaemon by setting the option ...
(FreeBSD-Security)
Re: turning off IPv6
... Calling arguments from other people "strawman". ... a userspace server daemon is a non-starter. ... One doesn't have to recompile the kernel to enable IPv6 either, so, ... kernel modules to load at boot time. ...
(Ubuntu)
Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
... > Disable support for IPv6 in the sshddaemon by setting the option ... my understanding is that either workaround will prevent the problem, since the problem relies on x11 forwarding and ipv6 being both enabled. ...
(FreeBSD-Security)
Re: dualstack IPv4/IPv6 ADSL PPPoE configuration?
... IPv6 subnet to me. ... The only IPv6 related info I have from the ISP is the address of the subnet. ... All you need to do after that is to somehow configure interface with your real IPv6 addresses using some daemon or statically. ...
(freebsd-net)
Re: Feature Request "secure by default"
... Still, I have the ipv6 kernel module loaded, and my nic has ... an inet6 address. ... Ipv6 is not a daemon or service. ... in my case, i did the same, but unless i disable ip6tables, i still have to ...
(Fedora)