From: Jochem Kossen (j.kossenhome.nl)
Date: Thu Mar 07 2002 - 08:39:12 CST


    Yup, a new hole has been found in OpenSSH...

    Impact: HIGH: Existing users will gain root privileges.

    The advisory at http://www.pine.nl/advisories/pine-cert-20020301.txt
    says the FreeBSD OpenSSH port has been updated. Does anyone know when
    OpenSSH in base will be updated?

    The hole scares me a bit, although the patch is extremely small :)

    --- channels_old.c Mon Mar 4 02:07:06 2002
    +++ channels.c Mon Mar 4 02:07:16 2002
    -151,7 +151,7
     channel_lookup(int id)
     {
             Channel *c;
    - if (id < 0 || id > channels_alloc) {
    + if (id < 0 || id >= channels_alloc) {
                     log("channel_lookup: %d: bad id", id);
                     return NULL;
             }
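
Review bot: the bounds check in channel_lookup() carries no comment saying that valid ids run from 0 to channels_alloc - 1, which is the invariant the change from `>` to `>=` restores. The old test accepted id == channels_alloc, which is one past the last slot if the table holds channels_alloc entries. A one-line comment above the `if` would help keep the comparison from regressing. The log() call prints only the rejected id; printing channels_alloc alongside it would make a boundary value easy to spot in the logs. Other comparisons of a channel id against channels_alloc are not visible in this hunk and are worth checking for the same `>` test.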

    To Unsubscribe: send mail to majordomoFreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message