# Warning: OpenSSH 3.5p1 Remote Root Exploit for FreeBSD 4.x



## bes (Jul 1, 2011)

http://lists.grok.org.uk/pipermail/full-disclosure/2011-June/081722.html


----------



## SirDice (Jul 1, 2011)

*Remote root exploit for FreeBSD 4.9 and 4.11*

Yes, I know these versions have been end-of-life for a few years.

But I see quite some posts from people that are still running these ancient versions. Perhaps this is the incentive to finally upgrade them.



> The last two days I have been investigating a vulnerability in OpenSSH
> affecting at least FreeBSD 4.9 and 4.11. These FreeBSD versions run
> OpenSSH 3.5p1 in the default install.
> 
> ...



http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110630/fcd34bf6/attachment.obj

Needless to say, this bug won't be fixed. 

http://www.freebsd.org/security/#sup


----------



## Pushrod (Jul 1, 2011)

So install a more recent version of OpenSSH then.

And yes, 4.X is still alive and well on many machines.


----------



## SirDice (Jul 1, 2011)

Pushrod said:

> So install a more recent version of OpenSSH then.


Better yet, install a more recent version of FreeBSD.


----------

