mailing list archives
Re: FreeBSD 4.x OpenSSH/libopie remote root hole
From: Colin Percival <cperciva () freebsd org>
Date: Mon, 04 Jul 2011 21:24:45 -0700
On 07/04/11 16:09, Solar Designer wrote:
I'd be interested in more detail on this bug. So far, the closest to a
description of the bug that I saw is this:
but it's not enough.
I'd like to learn not only on my own, but also on others' mistakes. ;-)
And for this purpose it does not matter how old the software is and
whether it is still supported or not.
Colin - any comments from you? I realize the bug is not yours, but
perhaps you're one of the few people who have figured it out now, for a
reason similar to mine.
I haven't had time to investigate, in part because I don't have any systems
running that ancient openssh any more. I'm interested to hear if anyone has
tracked down exactly where the bug was, though.
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid