From owner-freebsd-security Sun Nov 14 13:59:46 1999 Delivered-To: freebsd-security@freebsd.org Received: from erouter0.it-datacntr.louisville.edu (erouter0.it-datacntr.louisville.edu [136.165.1.36]) by hub.freebsd.org (Postfix) with ESMTP id 765001520B for ; Sun, 14 Nov 1999 13:59:43 -0800 (PST) (envelope-from k.stevenson@louisville.edu) Received: from osaka.louisville.edu (osaka.louisville.edu [136.165.1.114]) by erouter0.it-datacntr.louisville.edu (Postfix) with ESMTP id 4384824D0E for ; Sun, 14 Nov 1999 16:59:43 -0500 (EST) Received: by osaka.louisville.edu (Postfix, from userid 15) id 3A33518605; Sun, 14 Nov 1999 16:59:43 -0500 (EST) Date: Sun, 14 Nov 1999 16:59:43 -0500 From: Keith Stevenson To: freebsd-security@freebsd.org Subject: Re: Fwd: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Message-ID: <19991114165943.B95613@osaka.louisville.edu> References: <4.1.19991114000355.04d7f230@granite.sentex.ca> <19991114165649.A95613@osaka.louisville.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i In-Reply-To: <19991114165649.A95613@osaka.louisville.edu> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, Nov 14, 1999 at 04:56:49PM -0500, Keith Stevenson wrote: > > I get the impression from the Bugtraq post that only SSH linked against > RSAREF is vulnerable. Pity that those of us in the US are required to use > the buggy code. (Replying to myself) Oops. I think I gave the wrong impression. As I understand it the bug is in the interaction between SSH 1.2.27 and the library call to RSAREF. The combination is buggy, not RSAREF. -- Keith Stevenson System Programmer - Data Center Services - University of Louisville k.stevenson@louisville.edu PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message