oss-sec mailing list archives

Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 27 Jan 2012 22:46:22 -0700

TL;DR anyone shipping OpenSSH portable 5.4 and 5.5 is vulnerable and needs to fix this.

This may also affect OpenSSH 5.4/5.5 (non portable) which I'll test when I get home.

Confirmed the code is basically identical, didn't actually run them to
test (since it's been fixed in OpenBSD for quite some time now).

Kurt Seifried Red Hat Security Response Team (SRT)
