lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon Dec 19 16:10:01 2005 From: rodrigob at suespammers.org (Rodrigo Barbosa) Subject: More info ? Re: [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Dec 19, 2005 at 06:54:40AM +0100, Martin Schulze wrote: > A buffer overflow has been discovered in dropbear, a lightweight SSH2 > server and client, that may allow authenticated users to execute > arbitrary code as the server user (usually root). Does anyone can provide pointers to this issue ? Maybe a paper ? I'm kind of worried, since dropbear is used on openwrt. []s - -- Rodrigo Barbosa <rodrigob@...spammers.org> "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDptttpdyWzQ5b5ckRAtKZAJ9nZVU4I8F7+oxM6mipCzzb/o2IkACeKLq+ kriWAndC47CW6jUigWzOJZQ= =/9fZ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists