From owner-freebsd-security Tue Jun 25 12:19:47 2002 Delivered-To: freebsd-security@freebsd.org Received: from radix.cryptio.net (radix.cryptio.net [199.181.107.213]) by hub.freebsd.org (Postfix) with ESMTP id BE48E37BB25; Tue, 25 Jun 2002 12:19:24 -0700 (PDT) Received: from radix.cryptio.net (localhost [127.0.0.1]) by radix.cryptio.net (8.12.3/8.12.3) with ESMTP id g5PJJFYt033345 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Tue, 25 Jun 2002 12:19:16 -0700 (PDT) (envelope-from emechler@radix.cryptio.net) Received: (from emechler@localhost) by radix.cryptio.net (8.12.3/8.12.3/Submit) id g5PJJFfE033344; Tue, 25 Jun 2002 12:19:15 -0700 (PDT) Date: Tue, 25 Jun 2002 12:19:15 -0700 From: Erick Mechler To: Doug Barton Cc: Michael Richards , security@FreeBSD.ORG Subject: Re: Upcoming OpenSSH vulnerability Message-ID: <20020625121915.P21793@techometer.net> References: <3D17F647.000045.31912@ns.interchange.ca> <3D183942.6FF6C3B4@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3D183942.6FF6C3B4@FreeBSD.org>; from Doug Barton on Tue, Jun 25, 2002 at 02:34:58AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org :: > After reviewing the code of the new 3.3.1p I've located a very simple :: > yet obscure root exploit for this new version :: :: Can we safely assume that you've made the openssh developers aware of :: your findings? Michael, Doug, any word on the status of this? Have the OpenSSH developers been notified of this? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message