POC and patch for the CVE-2018-15473
Gareth de Vaux
security at lordcow.org
Mon May 13 17:03:47 UTC 2019
On Mon 2019-05-13 (10:32), Brett Glass wrote:
> On my FreeBSD 11-STABLE boxes, the "distinfo" file for the
> "openssh-portable" port shows the version as "openssh-7.9p1". So,
> this is not 7.8 (which was tested with 12.0, at least, if not 11.x)
> and also has not been specifically tailored for FreeBSD. Am I
> likely to see any issues with the use of existing configuration
> files, performance, or features? Just asking, as a precaution, to
> ensure that I do not find myself with an unreachable machine if I
> install on a remote server.
I'm currently using it on 11-STABLE and prefer it for security reasons
but that's a longer discussion. Average configurations shouldn't be
affected but you can install and configure it on a different port
(/usr/local/etc/ssh/sshd_config as opposed to /etc/ssh/sshd_config)
and start it without killing the existing sshd so you won't get
locked out.
/etc/rc.conf:
#sshd_enable="YES"
openssh_enable="YES"
More information about the freebsd-security
mailing list