openssh in 4.9

Wayne Pascoe freebsd-questions at penguinpowered.org
Fri Oct 31 00:54:42 PST 2003


On Thu, Oct 30, 2003 at 10:22:06AM -0800, Kris Kennaway wrote:
> Please read the security advisory.

I've read the advisory. It states a couple of workarounds (which I
enabled at the time anyway) and also states that the problem is
rectified in -STABLE beyond a certain date.

However, looking at the openssh advisory's, the only fix is to be
running a version 3.7.1p1 or later. So I'm confused. Have the FreeBSD
team backported these fixes into 3.5.1 ? 

One of my problems is that some of my clients occasionally have 3rd
parties perform penetration testing on our servers. I need an
explanation for when the 3rd party comes back and says that I am running
a vulnerable ssh.

Regards,

-- 
Wayne Pascoe
Everything to excess. To enjoy the flavour of 
life, take big bites. Moderation is for 
monks. - Robert Heinlein


More information about the freebsd-questions mailing list