FreeBSD extra ssh port listening flaw

freebsd-ssh-ports (4638). The risk level is classified as Low Risk.

Description:

A vulnerability exists in FreeBSD that can allow users with valid SSH (Secure Shell) credentials to access the ssh server on a non-standard port, which could lead to the bypassing of IP address access controls on the standard SSH port. This flaw is due to a faulty patch added to the FreeBSD SSH port on January 14th, 2000.

Platforms Affected:

  • FreeBSD, FreeBSD 4.0

Remedy:

Upgrade your ports collection and rebuild the ssh port, as listed in FreeBSD, Inc. Security Advisory FreeBSD-SA-00:21. See References.

— OR —

Download a new port skeleton for the ssh port from, and use it to rebuild the port, as listed in FreeBSD, Inc. Security Advisory FreeBSD-SA-00:21. See References.

— OR —

Use one of the following workarounds, as listed in FreeBSD, Inc. Security Advisory FreeBSD-SA-00:21 (see References):

  • In /usr/local/etc/sshd_config, comment out the line "Port 722", then restart sshd.
  • Limit connections to port 722 by adding filtering rules to your perimeter firewall, or on the local system (using ipfw or ipf).
  • Uninstall the ssh port/package.
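
The first workaround as a script, added here as an example and not taken from the advisory or the FreeBSD port: it lists the ports an sshd_config actively listens on, flags any besides 22, and writes a copy with the "Port 722" line commented out. The function names and the sample file are constructed, and directives are assumed to be written as whitespace-separated "Port N" lines.

```shell
#!/bin/sh
# Added example: audit an sshd_config for listening ports beyond the standard
# one, as in the "Port 722" workaround. All names below are hypothetical.

# Constructed sample mirroring the flaw: the standard port plus port 722.
sample_config() {
    cat <<'EOF'
# sshd_config (constructed sample)
Port 22
Port 722
#Port 2222
ListenAddress 0.0.0.0
PermitRootLogin no
EOF
}

# active_ports FILE: print the port of every uncommented "Port N" directive.
# The keyword is matched case-insensitively; commented lines never match
# because their first field starts with "#".
active_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1"
}

# extra_ports FILE [STANDARD]: active ports other than STANDARD (default 22).
extra_ports() {
    active_ports "$1" | awk -v std="${2:-22}" '$1 != std'
}

# disable_port FILE PORT: write FILE to stdout with every active
# "Port PORT" line commented out; all other lines pass through unchanged.
disable_port() {
    awk -v p="$2" '
        tolower($1) == "port" && $2 == p { print "#" $0; next }
        { print }
    ' "$1"
}

# Demo on the constructed sample.
cfg=$(mktemp)
sample_config > "$cfg"
echo "extra ports before: $(extra_ports "$cfg" | tr '\n' ' ')"
disable_port "$cfg" 722 > "$cfg.fixed"
echo "extra ports after:  $(extra_ports "$cfg.fixed" | tr '\n' ' ')"
rm -f "$cfg" "$cfg.fixed"
```

On a real host, point the functions at /usr/local/etc/sshd_config, install the corrected copy, and restart sshd as the workaround says.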

Consequences:

References:

Reported:

Jun 07, 2000

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
