Date: Thu, 7 Mar 2002 15:39:12 +0100
From: Jochem Kossen <j.kossen@home.nl>
To: security@FreeBSD.org
Subject: OpenSSH root hole
Message-ID: <20020307143912.GA28250@jochem.dyndns.org>
Yup, a new hole has been found in OpenSSH... Impact: HIGH: Existing users will gain root privileges. The advisory at http://www.pine.nl/advisories/pine-cert-20020301.txt says the FreeBSD OpenSSH port has been updated. Does anyone know when OpenSSH in base will be updated? The hole scares me a bit, although the patch is extremely small :) --- channels_old.c Mon Mar 4 02:07:06 2002 +++ channels.c Mon Mar 4 02:07:16 2002 @@ -151,7 +151,7 @@ channel_lookup(int id) { Channel *c; - if (id < 0 || id > channels_alloc) { + if (id < 0 || id >= channels_alloc) { log("channel_lookup: %d: bad id", id); return NULL; } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
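Review bot: The bounds check in channel_lookup should carry a short comment saying that valid ids run from 0 to channels_alloc - 1, because the one-character difference between id > channels_alloc and id >= channels_alloc is easy to reintroduce. Assuming channels_alloc is the number of allocated channel slots, the old comparison accepted id == channels_alloc, one past the last slot, and the new one rejects it. The hunk touches only this function, so any other place that compares an id against channels_alloc should be checked for the same > comparison. The code after the return NULL is not visible here, so it is also worth confirming that an in-range id whose slot is unused is handled before the Channel pointer is returned to callers.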