Full Disclosure mailing list archives
Re: The lowdown on SSH vulnerability
From: Mark Vevers <mark () ifl net>
Date: Tue, 16 Sep 2003 15:14:28 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 16 Sep 2003 2:09 pm, Carl Livitt wrote:
There _is_ a patch: http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1 .1.1.6&r2=1.1.1.7&f=h
- From the changelog for the release for todays version of openssh .... 3.7p1
note the change by Theo Deraddt to buffer.c ....
Anyone got the lowdown on the actual impact of this?
0030916
- (dtucker) [acconfig.h configure.ac defines.h session.c] Bug #252: Retrieve
PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have
it
(eg Solaris, Reliant Unix). Patch from Robert.Dahlem at siemens.com.
ok djm@
- (bal) OpenBSD Sync
- deraadt () cvs openbsd org 2003/09/16 03:03:47
[buffer.c]
do not expand buffer before attempting to reallocate it; markus ok
- (djm) Crank spec versions
- (djm) Banish (safe) sprintf from auth-pam.c. Patch from bal
- (tim) [configure.ac] Fix portability issues.
- (djm) Release 3.7p1
Cheers
Mark
- --
Mark Vevers. mark () ifl net / mvevers () rm com
Principal Internet Engineer, Internet for Learning,
Research Machines Plc AS 5503
Tel: +44 1235 854314, Fax: +44 1235 854693
- --
GPG Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB08F3CA3
Fingerprint: 85BA 30C4 9EC8 1792 4C8C C31E 58B5 3D1C B08F 3CA3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/ZxrEWLU9HLCPPKMRApVWAJsH48BVydSHRChiVG00PhWwlIWOAgCglHRF
qU/naS9W5TuH6szclWcDXIY=
=A9yd
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- The lowdown on SSH vulnerability Carl Livitt (Sep 16)
- Re: The lowdown on SSH vulnerability Carl Livitt (Sep 16)
- Re: The lowdown on SSH vulnerability B.K. DeLong (Sep 16)
- Re: The lowdown on SSH vulnerability Mark Vevers (Sep 16)
- RE: The lowdown on SSH vulnerability Andy Wood (Sep 16)
- RE: The lowdown on SSH vulnerability Ivan Dimitrov (Sep 19)
- Re: The lowdown on SSH vulnerability Daniel Berg (Sep 16)
- SSH Vulnerability Dan A. Milisic (Sep 16)
- Re: The lowdown on SSH vulnerability Joe Shevland (Sep 16)
- <Possible follow-ups>
- Re: The lowdown on SSH vulnerability Robert Jaroszuk (Sep 16)
- Re: The lowdown on SSH vulnerability Carl Livitt (Sep 16)
