Re: OpenSSH Vulns (new?) Priv separation

From: Jose Nazario (joseat_private)
Date: Wed Jun 26 2002 - 09:47:26 PDT

    On Tue, 25 Jun 2002, wirepair wrote:
    
    > http://www.securiteam.com/securitynews/5HP0L1F7FA.html Has anyone
    > received any more information on this? If so what exactly is the issue?
    > This is the part that scares me:
    
    deadly.org has links to the appropriate info, including the ISS advisory.
    the quick summary is that it is the challenge-response negotiation in the
    ssh2 code.
    
    3.4 has been announced and the fix has been put in. the openbsd.org web
    page has been updated, too, to reflect the existence of one remote hole in
    the default install in nearly 6 years.
    
    ___________________________
    jose nazario, ph.d.			joseat_private
    					http://www.monkey.org/~jose/
    


