Home page logo

bugtraq logo Bugtraq mailing list archives

Re: ZLib double free bug: Windows NT potentially unaffected
From: Dragos Ruiu <dr () kyx net>
Date: Thu, 14 Mar 2002 20:20:31 +0000

On Thu, 14 Mar 2002 18:05:06 +0000
Dragos Ruiu <dr () kyx net> wrote:
P.P.s. in other gossip, discussion of this vulnerability in such rapid succession 
with the recent off by one has led Niels Provos to have some wonderful ideas, 
and he's coming up with a priviledge separated version of sshd that does not 
need to be root when handling network input. Details on his homepage. His patch 
is not quite working yet, but he says it will migrate into the portable version 
of openssh when tested and debugged. Wheee. Provos++

(Plug: come talk to him about it in Vancouver in May at cansecwest. :-)

Ok, Niels is a fast developer.
The tarball at http://www.citi.umich.edu/u/provos/ssh/privsep.html 
(not the patch) is the appropriate item to download.

It still messes up on me for one strange client of mine and it still doesn't
like putty but it looks like some other ssh's n stupf work now. Who
knows, by the time you read this Niels may have fixed it all up.


--dr                  pgpkey: http://dragos.com/dr-dursec.asc
      CanSecWest/core02 - May 1-3 2002 - Vancouver B.C. - http://cansecwest.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]