rumours of openssh vulnerability

FreeBSD Security Officer cperciva at freebsd.org
Wed Jul 8 00:52:57 UTC 2009


Hi all,

There are rumours flying around about a supposed vulnerability in OpenSSH.  Two
details which I've seen mentioned many times are
(a) that this exploit was used to break into a RedHat system running OpenSSH 4.3
plus backported security patches, and
(b) that "recent" versions of OpenSSH are not affected;
but it's not clear if there is any basis for these rumours.

Given the almost complete lack of information here, there obviously will not be
a FreeBSD security advisory forthcoming until we know more.  As such, I can only
recommend that the standard advice be followed: Use a firewall to limit who can
access OpenSSH; and make sure that you are running a supported FreeBSD release.

If anyone has any concrete information concerning this, please contact the
FreeBSD security team at <secteam at FreeBSD.org>.

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid

