Bugtraq: Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Tue, 28 Sep 1999 22:17:18 +0100

On Mon, 27 Sep 1999 11:35:44 EDT, Dan Astoorian <djast () CS TORONTO EDU>  said:

A trivial demo program that demonstrates the problem is attached.  (It
needs no special privileges; run it as an unprivileged user in any
writable directory.)  The program reports "okay" under Solaris 2.5.1 and
IRIX 6.5.2, "vulnerable" under RedHat 6.


AIX 4.3.2 with all the recent Fixdist patches also says "okay".


Linux will also do so very soon. There are no standards issues here just
common sense. So Solar's patches for that and mknod are "no brainer" fixes

By Date By Thread

Current thread:

Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy], (continued)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Sep 27)
  - ufsdump problem under Solaris 2.6 with ufs.c posix (Sep 27)
    - Re: ufsdump problem under Solaris 2.6 with ufs.c Carson Gaspar (Sep 29)
  - Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Sean-Paul Rees (Sep 27)
  - Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Valdis.Kletnieks () VT EDU (Sep 27)
    - Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Alan Cox (Sep 28)
  - Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Mike Iglesias (Sep 28)
  - Team Asylum: iHTML Merchant Vulnerabilities Team Asylum (Sep 28)
  - Team Asylum: Yahoo! Messenger DoS Team Asylum (Sep 28)
  - Sun's TTSESSION Vulnerability Bauer, Rich (Sep 29)
    - Re: Sun's TTSESSION Vulnerability Richard L. Goerwitz (Sep 29)