Date: Sun, 1 Nov 1998 19:11:00 -0500 (EST) From: "Matthew N. Dodd" <winter@jurai.net> To: "Jordan K. Hubbard" <jkh@time.cdrom.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass) Message-ID: <Pine.BSF.4.02.9811011909290.17054-100000@sasami.jurai.net> In-Reply-To: <21498.909965295@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 1 Nov 1998, Jordan K. Hubbard wrote: > I read that too, yeah. Basically, I've seen evidence of provable > buffer overflows (but not proven exploitability of same) and I've seen > a hacked site who admins can't think of many other ways to be hacked > and are pointing either correctly or incorrectly at ssh as the cause > in their first round of theories. Either way, it's just all too > guessy for me right now - I'd sure like to see an actual exploit here > before declaring this most security scare concluded. :( Indeed. I attempted to keep my original message fairly neutral for that reason. At this point there isn't any reason not to go about fixing these potential problems though. -- | Matthew N. Dodd | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS | | winter@jurai.net | This Space For Rent | ix86,sparc,m68k,pmax,vax | | http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage? | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02.9811011909290.17054-100000>