Date:      Mon, 02 Oct 2006 14:25:05 -0700
From:      Colin Percival <cperciva@freebsd.org>
To:        Theo de Raadt <deraadt@cvs.openbsd.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
Message-ID:  <452183B1.7000306@freebsd.org>
In-Reply-To: <200610022000.k92K0B5P009759@cvs.openbsd.org>
References:  <200610022000.k92K0B5P009759@cvs.openbsd.org>

Theo de Raadt wrote:
>> The OpenSSH project believe that the race condition can lead to a Denial
>> of Service or potentially remote code execution
>                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Bullshit.  Where did anyone say this?

The OpenSSH 4.4 release announcement says that, actually:

 * Fix an unsafe signal handler reported by Mark Dowd. The signal
   handler was vulnerable to a race condition that could be exploited
   to perform a pre-authentication denial of service. On portable
   OpenSSH, this vulnerability could theoretically lead to
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   pre-authentication remote code execution if GSSAPI authentication
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   is enabled, but the likelihood of successful exploitation appears
   remote.

Colin Percival


