Subject: Re: SSH 1.2.26 vulnerability real or not?
From: Jan IVEN (jan.iven CERN.CH)
Date: Fri Aug 18 2000 - 04:40:15 CDT
>>>>> "PM" == Bluefish (P Magnusson) <11a GMX.NET> writes:
PM> I'm curious about an old SSH issue I stumbled across at
PM> http://marc.theaimsgroup.com. It's regarding the old SSH 1.2.26 code.
....
PM> Trying to stay away from flaming SSH, but can you really commit a fix and
PM> at the same time deny that there is no problem?
From the very same archive you were quoting:
> List: freebsd-security
> Subject: Re: [rootshell] Security Bulletin #25 (fwd)
> From: Warner Losh <imp village.org>
> Date: 1998-11-02 22:37:33
>
> Just so everyone knows, this advisory was only a draft advisory and
> was cancelled over the weekend. I saw the original advisory and
> checked stuff in based on it, since generally changes like this are
> good and can't hurt anything. After I checked in the fixes to ssh, I
> discovered that it had been determined that there was no way of
> exploiting this buffer call because all the places that called it had
> bounds checking.
>
> Given that the changes I made don't hurt anything, I'm going to leave
> them in for now.
Regards
Jan