From owner-freebsd-security  Sun Nov 14 12:45:14 1999
Delivered-To: freebsd-security@freebsd.org
Received: from sand2.sentex.ca (sand2.sentex.ca [209.167.248.3])
	by hub.freebsd.org (Postfix) with ESMTP
	id DAA93150D9; Sun, 14 Nov 1999 12:45:08 -0800 (PST)
	(envelope-from mike@sentex.net)
Received: from gravel (ospf-mdt.sentex.net [205.211.164.81])
	by sand2.sentex.ca (8.8.8/8.8.8) with SMTP id PAA24205;
	Sun, 14 Nov 1999 15:45:03 -0500 (EST)
	(envelope-from mike@sentex.net)
Message-Id: <4.1.19991114153939.046249a0@granite.sentex.ca>
X-Sender: mdtancsa@granite.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 
Date: Sun, 14 Nov 1999 15:46:00 -0500
To: Robert Watson <robert+freebsd@cyrus.watson.org>
From: Mike Tancsa <mike@sentex.net>
Subject: Re: Fwd: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)
Cc: freebsd-security@freebsd.org, torstenb@freebsd.org
In-Reply-To: <Pine.BSF.3.96.991114133831.48981B-100000@fledge.watson.org
 >
References: <4.1.19991114000355.04d7f230@granite.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 01:40 PM 11/14/99 , Robert Watson wrote:
>
>I've started switching my machines to OpenSSH -- however, our port
>specifically disables K4 and AFS support :-).  If I have time over the
>next few days (unlikely, traveling to Albuquerque for a DARPA conference),
>I'll mail in some patches to get K4 working.  Otherwise, OpenSSH port
>seemed to work out of the box for me -- the one other change I made was to
>enable X forwarding in the ssh server.  My feeling is disabling it in the
>client is far more useful, as it's the client giving out access to its
>display, not the server :-). 

I am not so worried at this point about kerb integration, as I dont use it.
What I am worried about is remote root exploitation.... Or am I missing
something in the bugtraq post ? The poster indicates remote root
exploitation is difficult, but possible in
http://www.freebsd.org/cgi/query-pr.cgi?pr=14749
I have cc'd the official maintainer.  Perhaps he could comment ?

	---Mike
**********************************************************************
Mike Tancsa, Network Admin        *  mike@sentex.net
Sentex Communications Corp,       *  http://www.sentex.net/mike
Cambridge, Ontario                *  01.519.651.3400
Canada                            *


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message