OpenSSH Vulnerable Prior to 3.7.1
Dave Tweten
tweten at nas.nasa.gov
Thu Jan 22 11:49:49 PST 2004
I just received a computer security bulletin from another (reliable)
source stating that there are indications of an exploit in the wild for
versions of OpenSSH prior to 3.7.1. It says the exploit can produce
denial of service or administrative control of the target system. Sshd on
my FreeBSD-STABLE system from last Saturday says it is version 3.5p1.
I understand that FreeBSD patches old versions of OpenSSH instead of
substituting new ones, but my question is whether sshd version
"OpenSSH_3.5p1 FreeBSD-20030924" has these vulnerabilities fixed. Is it
as secure as OpenSSH 3.7.1?
--
M/S 258-5 |1024-bit PGP fingerprint:|tweten at nas.nasa.gov
NASA Ames Research Center | 41 B0 89 0A 8F 94 6C 59| (650) 604-4416
Moffett Field, CA 94035-1000| 7C 80 10 20 25 C7 2F E6|FAX: (650) 604-4377
Not an official NASA position. You can't even be certain who sent this!
More information about the freebsd-stable
mailing list