Date: Sun, 8 Nov 1998 11:08:25 +0800 (WST) From: Dean Hollister <dean@odyssey.apana.org.au> To: ports@FreeBSD.ORG Subject: SSH admits exploit in 1.2.26 client (fwd) Message-ID: <Pine.BSF.4.05.9811081108030.3758-100000@odyssey.apana.org.au>
next in thread | raw e-mail | index | archive | help
Has version 2 been ported yet? Hi Dean, This is probably a reason to upgrade to ver 2? Rootshell.com was recently hacked and exploit in SSH ver 1.2.26 was aparrently used. No exploit is known in ver 2 code. SSH Admits Buffer Overflow in 1.2.26 client 11/5/98 8:44AM PDT This morning SSH Communications Security LTD. released information about a buffer overflow in its ssh 1.2.26 client kerberos code. This came as quite a surprise after SSH was very bullish about there being no buffer overflows in their code. While it is VERY hard to exploit and only works under certain conditions, it is still a valid security hole. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9811081108030.3758-100000>