From: Dag-Erling Smorgrav (des@ofug.org)
Date: Tue Jul 02 2002 - 20:03:46 CDT
"Peter Brezny" <peter@skyrunner.net> writes:
> I've been trying to get clear on whether or not freebsd-stable (4.6-STABLE
> FreeBSD 4.6-STABLE #0: Sat Jun 29 00:37:13 EDT 2002) has resolved the
> problem listed in CA-2002-18 from CERT.
>
> it doesn't appear so since it's running Openssh_2.9 and
> http://openssh.org/txt/preauth.adv clearly says that freebsd is vulnerable.
I don't know how many times I have to say this:
FreeBSD-STABLE's version of OpenSSH is not vulnerable.
Anyone who tells you otherwise is lying or misinformed.
The OpenBSD advisory is (quite possibly intentionally) misleading. It
lists FreeBSD as vulnerable because FreeBSD-CURRENT was, for about
three months (late March to late June 2002). Note that by the
standards OpenBSD apply to their own software, FreeBSD is not and was
never vulnerable, because no FreeBSD release ever shipped with a
vulnerable version of OpenSSH.
DES
-- Dag-Erling Smorgrav - des@ofug.org