Re: Cleaning out unneeded executables



Paul Kimoto wrote:

[putolin]

Meanwhile, NIST says:

: Vulnerable software and versions
:
: OpenBSD, OpenSSH, 4.2 p1
: OpenBSD, OpenSSH, 4.1 p1
: OpenBSD, OpenSSH, 4.0 p1
: OpenBSD, OpenSSH, 3.0 p1
: OpenBSD, OpenSSH, 3.0
: OpenBSD, OpenSSH, 3.0.1 p1
: OpenBSD, OpenSSH, 3.0.1
: OpenBSD, OpenSSH, 3.0.2 p1
: OpenBSD, OpenSSH, 3.0.2
: OpenBSD, OpenSSH, 3.1 p1
: OpenBSD, OpenSSH, 3.1
: OpenBSD, OpenSSH, 3.2
: OpenBSD, OpenSSH, 3.2.2 p1
: OpenBSD, OpenSSH, 3.2.3 p1
: OpenBSD, OpenSSH, 3.3 p1
: OpenBSD, OpenSSH, 3.3
: OpenBSD, OpenSSH, 3.4 p1
: OpenBSD, OpenSSH, 3.4
: OpenBSD, OpenSSH, 3.5
: OpenBSD, OpenSSH, 3.5 p1
: OpenBSD, OpenSSH, 3.6
: OpenBSD, OpenSSH, 3.6.1 p1
: OpenBSD, OpenSSH, 3.6.1 p2
: OpenBSD, OpenSSH, 3.6.1
: OpenBSD, OpenSSH, 3.7
: OpenBSD, OpenSSH, 3.7.1 p2
: OpenBSD, OpenSSH, 3.7.1
: OpenBSD, OpenSSH, 3.8
: OpenBSD, OpenSSH, 3.8.1 p1
: OpenBSD, OpenSSH, 3.8.1
: OpenBSD, OpenSSH, 3.9
: OpenBSD, OpenSSH, 3.9.1 p1
: OpenBSD, OpenSSH, 3.9.1

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0225


But in my case it doesn't matter as ssh doesn't face the inet.

--
Dancin' in the ruins tonight
mail: echo onub-hgbg@xxxxxxxxxxxxxxx | perl -pe 'y/a-z/n-za-m/'
Tayo'y Mga Pinoy
.



Relevant Pages

  • Re: Cleaning out unneeded executables
    ... This subshell exposed filenames to shell expansion twice; ... : OpenBSD, OpenSSH, 4.2 p1 ...
    (comp.os.linux.security)
  • Re: [openssh-unix-announce] Re: Upcoming OpenSSH vulnerability (fwd)
    ... variant versions of OpenSSH out there; you can't expect the OpenBSD ... Theo) that the risk of exploitation is greater than the risk due to ...
    (FreeBSD-Security)
  • OpenSSH package torjaned
    ... It appears that the tarball of the portable OpenSSH on ... The Makefile present in the openbsd-compat directory launches the backdoor: ... The bf-test.out shell script creates a C program and tries to compile it ... I must add that openbsd.org IS NOT an OpenBSD host (to make a long story ...
    (comp.security.ssh)
  • RE: [Full-Disclosure] openssh remote exploit
    ... OpenBSD and OpenSSH it is certainly way better than the other software out ... > this is not exploit of 2.4.x as malloc never return null. ... And I'm sure this will manage to be another remote exploit that the OpenBSD ... Charter: http://lists.netsys.com/full-disclosure-charter.html ...
    (Full-Disclosure)
  • Re: Upgrading OpenSSH
    ... > As it stands right now, I have two OpenBSD 3.3 servers that I need to ... > point me in the right direction of how I can update my OpenSSH packages ... Killing the parent sshd process doesn't disconnect your current ...
    (SSH)