From owner-freebsd-security Tue Nov 16 12:22:59 1999 Delivered-To: freebsd-security@freebsd.org Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by hub.freebsd.org (Postfix) with ESMTP id 42017152A5 for ; Tue, 16 Nov 1999 12:22:52 -0800 (PST) (envelope-from mike@sentex.net) Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by vinyl.sentex.ca (8.9.3/8.9.3) with ESMTP id PAA99775; Tue, 16 Nov 1999 15:22:51 -0500 (EST) (envelope-from mike@sentex.net) Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id PAA14011; Tue, 16 Nov 1999 15:22:51 -0500 (EST) Message-Id: <3.0.5.32.19991116152108.0170f850@staff.sentex.ca> X-Sender: mdtpop@staff.sentex.ca X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Tue, 16 Nov 1999 15:21:08 -0500 To: spork From: Mike Tancsa Subject: Re: Fwd: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 03:14 PM 11/16/99 -0500, spork wrote: >Also, has anyone been able to get openssh to compile on a 2.2 system? The >openssl port fails due to a flag to ld which does not exist back in 2.2 >land, but grabbing the source and compiling from scratch works. However >openssh fails as shown below... If anyone has patches for 2.2, please >post them. I cant help you with OpenSSH, but the patches for sshd have been commited to fix the exploit in question. ---Mike ------------------------------------------------------------------------ Mike Tancsa, tel +1 519 651 3400 Network Administrator, mike@sentex.net Sentex Communications www.sentex.net Cambridge, Ontario Canada To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message