From owner-freebsd-security Tue Nov 16 13:13:42 1999 Delivered-To: freebsd-security@freebsd.org Received: from super-g.com (super-g.com [207.240.140.161]) by hub.freebsd.org (Postfix) with ESMTP id 9DD7615246 for ; Tue, 16 Nov 1999 13:13:36 -0800 (PST) (envelope-from spork@super-g.com) Received: by super-g.com (Postfix, from userid 1000) id 07E82BAE1; Tue, 16 Nov 1999 16:13:34 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by super-g.com (Postfix) with SMTP id E7D8FBADF; Tue, 16 Nov 1999 16:13:34 -0500 (EST) Date: Tue, 16 Nov 1999 16:13:34 -0500 (EST) From: spork To: Mike Tancsa Cc: freebsd-security@FreeBSD.ORG Subject: Re: Fwd: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) In-Reply-To: <3.0.5.32.19991116152108.0170f850@staff.sentex.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 16 Nov 1999, Mike Tancsa wrote: > I cant help you with OpenSSH, but the patches for sshd have been commited > to fix the exploit in question. It seems www.ssh.fi has removed one of the patches necessary to compile the port (fetch: patch-ssh-1.2.27-bsd.tty.chown: www.ssh.fi: HTTP server returned error code 404). Anyone have a copy of this that could be put up on ftp.freebsd.org under distfiles? Charles > ---Mike > ------------------------------------------------------------------------ > Mike Tancsa, tel +1 519 651 3400 > Network Administrator, mike@sentex.net > Sentex Communications www.sentex.net > Cambridge, Ontario Canada > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message