Date:      Fri, 10 Dec 1999 16:52:54 -0800 (PST)
From:      Kris Kennaway <kris@hub.freebsd.org>
To:        spork <spork@super-g.com>
Cc:        Todd Backman <todd@flyingcroc.net>, security@freebsd.org
Subject:   Re: Security Advisory: Buffer overflow in RSAREF2 (fwd)
Message-ID:  <Pine.BSF.4.21.9912101650450.35020-100000@hub.freebsd.org>
In-Reply-To: <Pine.BSF.4.00.9912101932300.21197-100000@super-g.inch.com>

On Fri, 10 Dec 1999, spork wrote:

> root@ass[/usr/ports/security/rsaref]# ldd /usr/local/bin/ssh
> /usr/local/bin/ssh:
>         libgmp.so.3 => /usr/lib/libgmp.so.3 (0x2806d000)
>         libz.so.2 => /usr/lib/libz.so.2 (0x28083000)
>         librsaref.so.2 => /usr/local/lib/librsaref.so.2 (0x28090000)
>         libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x28099000)
>         libutil.so.2 => /usr/lib/libutil.so.2 (0x280ae000)
>         libc.so.3 => /usr/lib/libc.so.3 (0x280b6000)        
> 
> does this mean that simply patching, recompiling, and installing librsaref
> will fix ssh (for this vuln, not the last)?  I'm not a genius with all
> this shared lib stuff, but I think I'm reading this right...

Yes. None of the librsaref code is included in the ssh binary itself,
which would be the case if it was linked against the static librsaref.a
(which you wouldn't see in ldd anyway).

Kris
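
The check discussed in this message, as an added example that is not part of the original e-mail: a small shell parser for `ldd` output that reports whether a binary resolves `librsaref` as a shared object (so replacing the library file is enough) or does not list it at all. The function names are hypothetical; the first sample is the `ldd` output quoted above and the second is constructed.

```shell
#!/bin/sh
# Added example (not from the original message); function names are hypothetical.

# dyn_dep_path LIBNAME: read ldd output on stdin. If LIBNAME (e.g. "librsaref")
# is a dynamic dependency, print the path it resolves to and return 0;
# otherwise return 1.
dyn_dep_path() {
    awk -v lib="$1" '
        # dependency lines look like: name.so.N => /path/name.so.N (0xaddr)
        $2 == "=>" && index($1, lib ".so") == 1 { print $3; found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# classify LIBNAME: read ldd output on stdin and summarise the result.
classify() {
    if path=$(dyn_dep_path "$1"); then
        # Loaded at run time: installing a patched file at this path is enough.
        echo "dynamic:$path"
    else
        # Not in ldd: either the library is unused, or it was linked in from
        # the static .a archive and the binary itself must be rebuilt.
        echo "not-listed"
    fi
}

sample_ssh_ldd() {      # the ldd output quoted in the message above
cat <<'EOF'
/usr/local/bin/ssh:
        libgmp.so.3 => /usr/lib/libgmp.so.3 (0x2806d000)
        libz.so.2 => /usr/lib/libz.so.2 (0x28083000)
        librsaref.so.2 => /usr/local/lib/librsaref.so.2 (0x28090000)
        libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x28099000)
        libutil.so.2 => /usr/lib/libutil.so.2 (0x280ae000)
        libc.so.3 => /usr/lib/libc.so.3 (0x280b6000)
EOF
}

sample_nolib_ldd() {    # constructed: a binary with no librsaref.so entry
cat <<'EOF'
/usr/local/bin/example:
        libc.so.3 => /usr/lib/libc.so.3 (0x280b6000)
EOF
}

# Usage: sh thisfile /usr/local/bin/ssh ...   (does nothing without arguments)
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(ldd "$f" 2>/dev/null | classify librsaref)"
done
```

A `not-listed` result needs a follow-up check of how the binary was built, since `ldd` cannot tell a statically linked copy from no use of the library at all.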


