Date: Thu, 26 Oct 2000 05:50:49 -0700 (PDT)
From: Zvezdelin Vladov <zvezdi_v@yahoo.com>
To: security-officer@FreeBSD.org, freebsd-questions@freebsd.org, freebsd-stable@freebsd.org
Subject: OpenSSH 2.1.x printf-style format string bugs!
Message-ID: <20001026125049.29375.qmail@web805.mail.yahoo.com>

Dear Sirs,

Excuse me if I am wrong, but on the RELENG_4 tag, the openssh port seems to be the old version, as far as I can see (on the http://www.freebsd.org/cgi/cvsweb.cgi/src/ RELENG_4 tag). And there are *some* security problems with it:

http://www.openbsd.org/errata.html

028: SECURITY FIX: Oct 6, 2000
There are printf-style format string bugs in several privileged programs.

Looks like we've missed something. Please note that -current has the patched (2.2.0) version of openssh. Please note that the openssh.2.2.0p1 distribution downloaded from openssh.com fixes it too.

Can't understand why this patch, among others:

if (fail) { - log(buf); fclose(f); + log("%s",buf); restore_uid(); return 0; }

has been published at Oct/06, and 2.2.0 is available as of September, in which the above is patched.

Just last night compiled openssh2.2.0p1, on my machine, just to replace the buggy code. The ports is with the old version, no matter that it has been updated through cvsup 1 week ago, the same done with /usr/src/ tree. As far as I noticed, the above fragment has *not* been present on any of the sources - the ports, under /usr/ports/security/openssh/, and the /usr/src/ RELENG_4 branch (4.x-stable).

Regards,
Zvezdelin Vladov
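
Review bot: the removed log(buf); pattern should be searched for at every other call that hands a variable to log() as its format argument, because the fragment shown covers only the single if (fail) branch while the quoted erratum speaks of bugs in several privileged programs. Declaring log() with a printf-style format attribute and building with format warnings enabled would let the compiler flag any remaining non-literal formats. The added log("%s",buf); line also moves the call from before fclose(f) to after it; that reordering is independent of the format fix and deserves a word in the commit message if it is intentional.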