Date: Sun, 14 Nov 1999 15:46:00 -0500 From: Mike Tancsa <mike@sentex.net> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: freebsd-security@freebsd.org, torstenb@freebsd.org Subject: Re: Fwd: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Message-ID: <4.1.19991114153939.046249a0@granite.sentex.ca> In-Reply-To: <Pine.BSF.3.96.991114133831.48981B-100000@fledge.watson.org > References: <4.1.19991114000355.04d7f230@granite.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
At 01:40 PM 11/14/99 , Robert Watson wrote: > >I've started switching my machines to OpenSSH -- however, our port >specifically disables K4 and AFS support :-). If I have time over the >next few days (unlikely, traveling to Albuquerque for a DARPA conference), >I'll mail in some patches to get K4 working. Otherwise, OpenSSH port >seemed to work out of the box for me -- the one other change I made was to >enable X forwarding in the ssh server. My feeling is disabling it in the >client is far more useful, as it's the client giving out access to its >display, not the server :-). I am not so worried at this point about kerb integration, as I dont use it. What I am worried about is remote root exploitation.... Or am I missing something in the bugtraq post ? The poster indicates remote root exploitation is difficult, but possible in http://www.freebsd.org/cgi/query-pr.cgi?pr=14749 I have cc'd the official maintainer. Perhaps he could comment ? ---Mike ********************************************************************** Mike Tancsa, Network Admin * mike@sentex.net Sentex Communications Corp, * http://www.sentex.net/mike Cambridge, Ontario * 01.519.651.3400 Canada * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.19991114153939.046249a0>