From owner-freebsd-questions  Mon May 17 16: 0:20 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from inet.chip-web.com (c1003518-a.plstn1.sfba.home.com [24.1.82.47])
	by hub.freebsd.org (Postfix) with SMTP id D130115086
	for <freebsd-questions@FreeBSD.ORG>; Mon, 17 May 1999 16:00:17 -0700 (PDT)
	(envelope-from ludwigp@toy.chip-web.com)
Received: (qmail 16921 invoked from network); 17 May 1999 23:00:16 -0000
Received: from speedy.chip-web.com (HELO speedy) (172.16.1.1)
  by inet.chip-web.com with SMTP; 17 May 1999 23:00:16 -0000
Message-Id: <4.1.19990517155036.00a72c60@mail-r>
X-Sender: ludwigp@toy.chip-web.com (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 
Date: Mon, 17 May 1999 15:51:41 -0700
To: Doug White <dwhite@resnet.uoregon.edu>
From: Ludwig Pummer <ludwigp@toy.chip-web.com>
Subject: Re: hacking attempts
Cc: freebsd-questions@FreeBSD.ORG
In-Reply-To: <Pine.BSF.4.03.9905171147450.15052-100000@resnet.uoregon.ed
 u>
References: <373A3B4B.82D780C4@borg.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 11:48 AM 5/17/1999 , Doug White wrote:
>I have yet to see these 'ssh vulnerabilities' substantiated by any hard
>evidence.  I suspect some other service was explited (imap?) and ssh was
>the first app to notice anything askew.

There _was_ a buffer overflow condition in SSH if you were using Kerberos
support. I don't remember if it was exploitable or not.

--Ludwig Pummer ( ludwigp@bigfoot.com ) ICQ UIN: 692441


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message