Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: FreeBSD 4.x OpenSSH/libopie remote root hole
From: Colin Percival <cperciva () freebsd org>
Date: Mon, 04 Jul 2011 21:24:45 -0700

On 07/04/11 16:09, Solar Designer wrote:
I'd be interested in more detail on this bug.  So far, the closest to a
description of the bug that I saw is this:

http://lists.openwall.net/full-disclosure/2011/07/01/4

but it's not enough.

I'd like to learn not only on my own, but also on others' mistakes. ;-)
And for this purpose it does not matter how old the software is and
whether it is still supported or not.

Colin - any comments from you?  I realize the bug is not yours, but
perhaps you're one of the few people who have figured it out now, for a
reason similar to mine.

I haven't had time to investigate, in part because I don't have any systems
running that ancient openssh any more.  I'm interested to hear if anyone has
tracked down exactly where the bug was, though.

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault