Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)

From: Brian Fundakowski Feldman (greenat_private)
Date: Sun Nov 14 1999 - 16:23:52 PST

    On Sat, 13 Nov 1999, Theo de Raadt wrote:
    
    > The upcoming OpenBSD 2.6 release contains/includes an ssh implementation
    > which is derived from an earlier ssh 1 (and thus has no Datafellows
    > licencing issues).  We are calling this ssh by the name "OpenSSH".
    >
    > Anyways, in the process of rewriting parts of ssh, the OpenSSH
    > developers accidentally fixed this bug.  Whoops! :-)
    
    I'd like people to note that, in FreeBSD, you should be using the
    "OpenSSH-1.2" package, ports/security/openssh.  This is a direct port
    of the OpenSSH source from the OpenBSD CVS, and as such is that much
    more secure than plain SSH, and OpenSSH should be used instead where
    possible.
    
    --
     Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
     greenat_private                    `------------------------------'
    


