rumours of openssh vulnerability


by FreeBSD Security Officer

Hi all,

There are rumours flying around about a supposed vulnerability in OpenSSH.  Two
details which I've seen mentioned many times are
(a) that this exploit was used to break into a RedHat system running OpenSSH 4.3
plus backported security patches, and
(b) that "recent" versions of OpenSSH are not affected;
but it's not clear if there is any basis for these rumours.

Given the almost complete lack of information here, there obviously will not be
a FreeBSD security advisory forthcoming until we know more.  As such, I can only
recommend that the standard advice be followed: Use a firewall to limit who can
access OpenSSH; and make sure that you are running a supported FreeBSD release.

If anyone has any concrete information concerning this, please contact the
FreeBSD security team at <secteam@...>.

--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
_______________________________________________
freebsd-security@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@..."

Re: rumours of openssh vulnerability

by Igor Mozolevsky-3

2009/7/8 FreeBSD Security Officer <cperciva@...>:

> There are rumours flying around about a supposed vulnerability in OpenSSH.

[snip]

More information is at the Internet Storm Center:
http://isc.sans.org/diary.html?storyid=6742


Cheers,
--
Igor

Re: rumours of openssh vulnerability

by Nigel Houghton-3

On Tue, Jul 7, 2009 at 9:15 PM, Igor Mozolevsky<mozolevsky@...> wrote:

> 2009/7/8 FreeBSD Security Officer <cperciva@...>:
>
>> There are rumours flying around about a supposed vulnerability in OpenSSH.
>
> [snip]
>
> More information is at the Internet Storm Center:
> http://isc.sans.org/diary.html?storyid=6742
>
>
> Cheers,
> --
> Igor


Actually, no, there isn't any more information on the ISC blog. There
is actually less information, the logs are truncated (not that there's
anything to see in them anyway).

Nice to see an appropriate reaction to this "issue" from Colin.

--
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/