Hi all,

There are rumours flying around about a supposed vulnerability in OpenSSH. Two details which I've seen mentioned many times are (a) that this exploit was used to break into a RedHat system running OpenSSH 4.3 plus backported security patches, and (b) that "recent" versions of OpenSSH are not affected; but it's not clear if there is any basis for these rumours.

Given the almost complete lack of information here, there obviously will not be a FreeBSD security advisory forthcoming until we know more. As such, I can only recommend that the standard advice be followed: Use a firewall to limit who can access OpenSSH; and make sure that you are running a supported FreeBSD release.

If anyone has any concrete information concerning this, please contact the FreeBSD security team at <[email protected]>.

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
