From owner-freebsd-security Tue Nov 3 20:38:14 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA14779 for freebsd-security-outgoing; Tue, 3 Nov 1998 20:38:14 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id UAA14774 for ; Tue, 3 Nov 1998 20:38:12 -0800 (PST) (envelope-from imp@village.org) Received: from harmony [10.0.0.6] by rover.village.org with esmtp (Exim 1.71 #1) id 0zauhh-0003TG-00; Tue, 3 Nov 1998 21:37:57 -0700 Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.1/8.8.3) with ESMTP id VAA26480; Tue, 3 Nov 1998 21:37:54 -0700 (MST) Message-Id: <199811040437.VAA26480@harmony.village.org> To: spork Subject: Re: [rootshell] Security Bulletin #25 (fwd) Cc: Andrew McNaughton , bow , FreeBSD-security@FreeBSD.ORG In-reply-to: Your message of "Tue, 03 Nov 1998 22:36:35 EST." References: Date: Tue, 03 Nov 1998 21:37:53 -0700 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message spork writes: : Sorry to bring this up again, but someone has posted on BugTraq stating : they found a copy of an exploit for sshd (remote root). He claims to have : tried it on his own machines with success. I saw that too, but realized that it wouldn't be a big deal to cope with because it was in the logging routines and would be caught by the extra sanity checking that we put in there. I've not seen his claims in any of the other security lists that I'm on yet... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message