Date: Sun, 10 Mar 2002 19:12:30 +0100
From: Udo Erdelhoff <ue@nathan.ruhr.de>
To: freebsd-doc@FreeBSD.org
Cc: "Bruce A. Mah" <bmah@FreeBSD.org>
Subject: Re: cvs commit: src/release/doc/en_US.ISO8859-1/relnotes/common new.sgml
Message-ID: <20020310191230.E89278@nathan.ruhr.de>
In-Reply-To: <200203090112.g291C4A36851@freefall.freebsd.org>
References: <200203090112.g291C4A36851@freefall.freebsd.org>

Hi,

On Fri, Mar 08, 2002 at 05:12:04PM -0800, Bruce A. Mah wrote:
> 1.297 +4 -2 src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml

I think there is a small typo/omission in the entry:

] This bug could have allowed an authenticated remote user to cause
] &man.sshd.8; to execute arbitrary code with superuser privileges,

This part is correct and clear: A 'bad' client can abuse the server

] or allowed a connecting SSH client to execute arbitrary
] code with the privileges of the client user.

but I think this part should be clearer. According to the advisories I have
read, a 'bad' server can abuse the client. My suggestion is to replace this
part with "or allowed a malicious SSH server to execute arbitrary code on the
client system with the privileges of the client user".

/s/Udo
-- 
Calm down, my brothers in spirit. Do you really have to lay into each
other like this on a Monday morning?? Don't you have any users you can
take your frustration out on???