Date: Sun, 14 Nov 1999 16:56:49 -0500 From: Keith Stevenson <k.stevenson@louisville.edu> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@freebsd.org Subject: Re: Fwd: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Message-ID: <19991114165649.A95613@osaka.louisville.edu> In-Reply-To: <4.1.19991114153939.046249a0@granite.sentex.ca> References: <4.1.19991114000355.04d7f230@granite.sentex.ca> <Pine.BSF.3.96.991114133831.48981B-100000@fledge.watson.org > <4.1.19991114153939.046249a0@granite.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Nov 14, 1999 at 03:46:00PM -0500, Mike Tancsa wrote: > > I am not so worried at this point about kerb integration, as I dont use it. > What I am worried about is remote root exploitation.... Or am I missing > something in the bugtraq post ? The poster indicates remote root > exploitation is difficult, but possible in > http://www.freebsd.org/cgi/query-pr.cgi?pr=14749 > I have cc'd the official maintainer. Perhaps he could comment ? I get the impression from the Bugtraq post that only SSH linked against RSAREF is vulnerable. Pity that those of us in the US are required to use the buggy code. Regards, --Keith Stevenson-- -- Keith Stevenson System Programmer - Data Center Services - University of Louisville k.stevenson@louisville.edu PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991114165649.A95613>