Date: Sun, 8 Nov 1998 11:07:59 +0800 (WST)
From: Dean Hollister <dean@odyssey.apana.org.au>
To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: SSH admits exploit in 1.2.26 client (fwd)
Message-ID: <Pine.BSF.4.05.9811081107250.3758-100000@odyssey.apana.org.au>

Has Version 2 of ssh been ported yet?
Rootshell.com was recently hacked and an exploit in SSH
ver 1.2.26 was apparently used.
No exploit is known in ver 2 code.
SSH Admits Buffer Overflow in 1.2.26 client
11/5/98 8:44AM PDT This morning SSH Communications Security LTD.
released information about a buffer overflow in its ssh 1.2.26 client
Kerberos code. This came as quite a surprise after SSH was very
bullish about there being no buffer overflows in their code. While it
is VERY hard to exploit and only works under certain conditions, it is
still a valid security hole.
