From owner-freebsd-security Tue Nov 16 13:38:10 1999 Delivered-To: freebsd-security@freebsd.org Received: from david.siemens.de (david.siemens.de [192.35.17.14]) by hub.freebsd.org (Postfix) with ESMTP id 74F1B14BED for ; Tue, 16 Nov 1999 13:37:54 -0800 (PST) (envelope-from ust@cert.siemens.de) X-Envelope-Sender-Is: ust@cert.siemens.de (at relayer david.siemens.de) Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.11]) by david.siemens.de (8.9.3/8.9.3) with ESMTP id WAA08829; Tue, 16 Nov 1999 22:37:51 +0100 (MET) Received: from mars.cert.siemens.de (ust.mchp.siemens.de [139.23.201.17]) by mail2.siemens.de (8.9.3/8.9.3) with ESMTP id WAA04885; Tue, 16 Nov 1999 22:37:51 +0100 (MET) Received: from alaska.cert.siemens.de (alaska.cert.siemens.de [139.23.202.134]) by mars.cert.siemens.de (8.9.3/8.9.3/Siemens CERT [ $Revision: 1.9 ]) with ESMTP id WAA29096; Tue, 16 Nov 1999 22:37:50 +0100 (CET) Received: (from ust@localhost) by alaska.cert.siemens.de (8.9.3/8.9.3/alaska [ $Revision: 1.2 ]) id VAA02292; Tue, 16 Nov 1999 21:37:50 GMT (envelope-from ust) Date: Tue, 16 Nov 1999 22:37:50 +0100 From: Udo Schweigert To: spork Cc: Mike Tancsa , freebsd-security@FreeBSD.ORG Subject: Re: Fwd: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Message-ID: <19991116223750.A2271@alaska.cert.siemens.de> References: <3.0.5.32.19991116152108.0170f850@staff.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from spork@super-g.com on Tue, Nov 16, 1999 at 04:13:34PM -0500 X-Operating-System: FreeBSD 3.3-STABLE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Nov 16, 1999 at 04:13:34PM -0500, spork wrote: > On Tue, 16 Nov 1999, Mike Tancsa wrote: > > > I cant help you with OpenSSH, but the patches for sshd have been commited > > to fix the exploit in question. > > It seems www.ssh.fi has removed one of the patches necessary to compile > the port (fetch: patch-ssh-1.2.27-bsd.tty.chown: www.ssh.fi: HTTP server > returned error code 404). Anyone have a copy of this that could be put up > on ftp.freebsd.org under distfiles? > I have it here. Whom should I mail it? Regards. ------------------------------------------------------------------------------- Udo Schweigert || Voice : +49 89 636 42170 Siemens AG, Siemens CERT || Fax : +49 89 636 41166 ZT IK 3 || email : Udo.Schweigert@mchp.siemens.de D-81730 Muenchen / Germany || : ust@cert.siemens.de PGP fingerprint || 2A 53 F6 A6 30 59 64 02 6B C4 E0 73 B2 C9 6C E7 ------------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message