|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)
Brian Fundakowski Feldman (green
FREEBSD.ORG)
Sun, 14 Nov 1999 19:23:52 -0500
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Alan Cox: "Re: BIND bugs of the month (fwd)"
- Previous message: Ussr Labs: "NetCPlus SmartServer3 POP 3.51.1 EXPLOIT"
- Next in thread: Oystein Viggen: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"
On Sat, 13 Nov 1999, Theo de Raadt wrote:
> The upcoming OpenBSD 2.6 release contains/includes an ssh implimentation
> which is derived from an earlier ssh 1 (and thus has no Datafellows
> licencing issues). We are calling this ssh by the name "OpenSSH".
>
> Anyways, in the process of rewriting parts of ssh, the OpenSSH
> developers accidentally fixed this bug. Whoops! :-)
I'd like people to note that, in FreeBSD, you should be using the
"OpenSSH-1.2" package, ports/security/openssh. This is a direct port
of the OpenSSH source from the OpenBSD CVS, and as such is that much
more secure than plain SSH, and OpenSSH should be used instead where
possible.
-- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green
- Next message: Alan Cox: "Re: BIND bugs of the month (fwd)"
- Previous message: Ussr Labs: "NetCPlus SmartServer3 POP 3.51.1 EXPLOIT"
- Next in thread: Oystein Viggen: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"
This archive was generated by hypermail 2.0b3 on Mon Nov 15 1999 - 01:12:16 CST