|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Maxence Rousseau (mrousseau_at_k-meleon.com)
Date: Mon Jan 06 2003 - 17:19:26 CST
----- Original Message -----
From: "Global InterSec Research" <lists
globalintersec.com>
To: <bugtraqsecurityfocus.com>
Sent: Monday, January 06, 2003 9:05 PM
Subject: Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS
>
> As some may have gathered, the advisory recently posted by
mmhshushmail.com
> was indeed a fake, intended to highlight several unclear statements made
in GIS2002062801.
>
> The advisory in question is currently being updated with more detailed
information and will be
> re-posted at: http://www.globalintersec.com/adv/openssh-2002062801.txt as
soon as it becomes
> available.
>
> Note that the kbd-init flaw described in GIS2002062801 was proven to be
exploitable in our lab
> although not all evidence to demonstrate this was provided in the original
advisory. A mistake
> was made in the original advisory draft, where chunk content data was
shown, rather than the
> entire corrupted malloc chunk. This will be amended in the revision.
>
> Also note that to our knowledge there are currently no known, exploitable
flaws in OpenSSH 3.5p1,
> due to its use of PAM as suggested by mmhshushmail.com. It is almost
certain that the posted
> bogus advisory was also intended to cause alarm amongst communities using
OpenSSH, through
> miss-information.
>
>
> Global InterSec LLC.
>
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]