If anyone cares about this, this entire class of bugs received a
massive patching by Theo in the openbsd tree before openssh 3.3 was
patched to fix the exploit. I'm sure eyeballs are still looking at
u_int/int code, but a large number of fixes have already been
committed.

jeff

> I'm pretty certain we'll be seeing the team looking for similar integer
> overflows in the OpenBSD and related projects code very soon to catch any
> potential issues, just like they did with format string bugs. If I wasn't
> confident in that I wouldn't continue using the software. Now let them
> get to work and quit demanding answers from them like they owe you
> something.
>
> Regards,
> --
> Joseph
>

-- 
Jeff Bachtel  (rootISC,TAMU)    http://www.cepheid.org/~jeff
				 [finger jeffcepheid.org for PGP key]

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]