freebsd 5.2.1 openssh hole
Vince Hoffman
jhary at unsane.co.uk
Mon May 24 12:47:55 PDT 2004
On Mon, 24 May 2004, Thomas May wrote:
> Hi,
>
>
>
> i have installed the new version 5.2.1 and the ports collection from
> yesterday. i have checked the server
>
> with nessus and I got a security hole warning.
>
>
>
> You are running a version of OpenSSH which is older than 3.7.1
>
>
>
> Versions older than 3.7.1 are vulnerable to a flaw in the buffer management
I think this should be ammended to "Unpatched Versions older than 3.7.1
are etc etc ..."
it looks like its refering to CERT Advisory CA-2003-24i [1], which effects
unpatched versions of less than OpenSSH 3.7.1. however this was patched in
freebsd (base and ports) the same day the advisory came out [2].
if your worried though, or want the newest version, install ssh from
ports.
Vince
>
> functions which might allow an attacker to execute arbitrary commands on
> this
>
> host.
>
>
>
> What can I do ? I have installed openssl from the ports tree, but I got the
> same error.
>
>
>
>
>
>
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.689 / Virus Database: 450 - Release Date: 21.05.2004
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
[1]http://www.cert.org/advisories/CA-2003-24.html
[2]ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:12.openssh.asc
More information about the freebsd-questions
mailing list