Date:      Sun, 14 Nov 1999 22:56:40 -0500
From:      Mike Tancsa <mike@sentex.net>
To:        freebsd-security@FreeBSD.ORG
Subject:   ssh-1.2.27 remote buffer overflow - work around ??
Message-ID:  <4.1.19991114225545.04626d60@granite.sentex.ca>
In-Reply-To: <19991114165649.A95613@osaka.louisville.edu>
References:  <4.1.19991114153939.046249a0@granite.sentex.ca> <4.1.19991114000355.04d7f230@granite.sentex.ca> <Pine.BSF.3.96.991114133831.48981B-100000@fledge.watson.org > <4.1.19991114153939.046249a0@granite.sentex.ca>

At 04:56 PM 11/14/99 , Keith Stevenson wrote:
>On Sun, Nov 14, 1999 at 03:46:00PM -0500, Mike Tancsa wrote:
>> 
>> I am not so worried at this point about kerb integration, as I don't use it.
>> What I am worried about is remote root exploitation.... Or am I missing
>> something in the bugtraq post ? The poster indicates remote root
>> exploitation is difficult, but possible in
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=14749
>> I have cc'd the official maintainer.  Perhaps he could comment ?
>
>I get the impression from the Bugtraq post that only SSH linked against
>RSAREF is vulnerable.  Pity that those of us in the US are required to use 
>the buggy code.


Actually, in this case, will USA_RESIDENT=NO in the makefile then get
around this problem?

	---Mike
**********************************************************************
Mike Tancsa, Network Admin        *  mike@sentex.net
Sentex Communications Corp,       *  http://www.sentex.net/mike
Cambridge, Ontario                *  01.519.651.3400
Canada                            *

