From owner-freebsd-questions  Sat Nov  7 19:08:20 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA18215
          for freebsd-questions-outgoing; Sat, 7 Nov 1998 19:08:20 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from defiant.apana.org.au (defiant.apana.org.au [203.11.114.25])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA18210
          for <freebsd-questions@freebsd.org>; Sat, 7 Nov 1998 19:08:16 -0800 (PST)
          (envelope-from dean@odyssey.apana.org.au)
Received: from odyssey.apana.org.au (odyssey.apana.org.au [203.11.114.1])
	by defiant.apana.org.au (8.8.8/8.8.8) with ESMTP id LAA12262
	for <freebsd-questions@freebsd.org>; Sun, 8 Nov 1998 11:08:00 +0800 (WST)
	(envelope-from dean@odyssey.apana.org.au)
Date: Sun, 8 Nov 1998 11:07:59 +0800 (WST)
From: Dean Hollister <dean@odyssey.apana.org.au>
To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: SSH admits exploit in 1.2.26 client (fwd)
Message-ID: <Pine.BSF.4.05.9811081107250.3758-100000@odyssey.apana.org.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Has Version 2 of ssh been ported yet?

Rootshell.com was recently hacked and exploit in SSH 
ver 1.2.26 was aparrently used.
	No exploit is known in ver 2 code. 


 SSH Admits Buffer Overflow in 1.2.26 client             
      11/5/98 8:44AM PDT This morning SSH Communications Security LTD.
   released information about a buffer overflow in its ssh 1.2.26 client 
      kerberos code. This came as quite a surprise after SSH was very   
   bullish about there being no buffer overflows in their code. While it
   is VERY hard to exploit and only works under certain conditions, it is
     still a valid security hole.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message