Message-ID: <200309161514.29787.mark@ifl.net>
From: mark at ifl.net (Mark Vevers)
Subject: The lowdown on SSH vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 16 Sep 2003 2:09 pm, Carl Livitt wrote:
> There _is_ a patch:
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h

- From the changelog for the release for today's version of openssh .... 3.7p1
note the change by Theo de Raadt to buffer.c ....

Anyone got the lowdown on the actual impact of this?

20030916
 - (dtucker) [acconfig.h configure.ac defines.h session.c] Bug #252: Retrieve
   PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have it
   (eg Solaris, Reliant Unix).  Patch from Robert.Dahlem at siemens.com.
   ok djm@
 - (bal) OpenBSD Sync
   - deraadt@....openbsd.org 2003/09/16 03:03:47
     [buffer.c]
     do not expand buffer before attempting to reallocate it; markus ok
 - (djm) Crank spec versions
 - (djm) Banish (safe) sprintf from auth-pam.c. Patch from bal
 - (tim) [configure.ac] Fix portability issues.
 - (djm) Release 3.7p1


Cheers
Mark
- -- 
Mark Vevers.    mark@....net / mvevers@...com
Principal Internet Engineer, Internet for Learning,
Research Machines Plc  AS 5503
Tel: +44 1235 854314,   Fax: +44 1235 854693
- --
GPG Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB08F3CA3
Fingerprint: 85BA 30C4 9EC8 1792 4C8C   C31E 58B5 3D1C B08F 3CA3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/ZxrEWLU9HLCPPKMRApVWAJsH48BVydSHRChiVG00PhWwlIWOAgCglHRF
qU/naS9W5TuH6szclWcDXIY=
=A9yd
-----END PGP SIGNATURE-----
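
The changelog line quoted above ("do not expand buffer before attempting to reallocate it") describes an ordering fix. The following is an added example, not part of the original message and not OpenSSH's buffer.c, that contrasts the two orderings; `struct buf`, both function names, `BUF_MAX` and `CHUNK` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define BUF_MAX 0xa00000u   /* constructed size cap for this example */
#define CHUNK   4096u       /* constructed growth slack */

struct buf { unsigned char *data; size_t alloc; };

/* Order the changelog entry warns against: alloc is raised before the
 * reallocation is known to succeed, so on failure it overstates the
 * memory behind data and any later code that trusts alloc is misled. */
int grow_then_realloc(struct buf *b, size_t len)
{
    b->alloc += len + CHUNK;
    if (b->alloc > BUF_MAX)
        return -1;                      /* alloc has already changed */
    unsigned char *p = realloc(b->data, b->alloc);
    if (p == NULL)
        return -1;
    b->data = p;
    return 0;
}

/* Corrected order: compute the new size in a local, reallocate, and only
 * then commit it, so alloc always matches the real allocation. */
int realloc_then_grow(struct buf *b, size_t len)
{
    if (len > BUF_MAX)
        return -1;                      /* also rules out size_t wraparound */
    size_t newlen = b->alloc + len + CHUNK;
    if (newlen > BUF_MAX)
        return -1;
    unsigned char *p = realloc(b->data, newlen);
    if (p == NULL)
        return -1;
    b->data = p;
    b->alloc = newlen;
    return 0;
}

int main(void)
{
    struct buf a = { malloc(64), 64 }, c = { malloc(64), 64 };
    if (!a.data || !c.data) return 1;
    int ra = grow_then_realloc(&a, BUF_MAX);   /* oversized request */
    int rc = realloc_then_grow(&c, BUF_MAX);
    printf("grow first:    ret=%d alloc=%zu (real allocation: 64)\n", ra, a.alloc);
    printf("realloc first: ret=%d alloc=%zu\n", rc, c.alloc);
    free(a.data); free(c.data);
    return 0;
}
```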