Jan Schaumann writes:

>I was under the impression the exploit affects OpenSSH <= 2.3.0 ?

Anything below 2.9p2 is vulnerable to one or some other exploit of
various seriousness, there seems to be at least one new openssh
vulnerability per week these days, it seems to have more exploits
than sendmail ever had!  Anyways, I just see that FreeBSD issued
another one, apparently certain versions of openssh prior to 3.0.2
are vulnerable to some local root exploit if some option is set,
well...  (I'd prefer if things like openssh, and postfix/sendmail
were not shipped in-base... or other way, wasn't someone working
on a pkg'ized base distribution, iirc?)

--mkb