Date:      Sun, 14 Nov 1999 16:59:43 -0500
From:      Keith Stevenson <k.stevenson@louisville.edu>
To:        freebsd-security@freebsd.org
Subject:   Re: Fwd: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)
Message-ID:  <19991114165943.B95613@osaka.louisville.edu>
In-Reply-To: <19991114165649.A95613@osaka.louisville.edu>
References:  <4.1.19991114000355.04d7f230@granite.sentex.ca> <Pine.BSF.3.96.991114133831.48981B-100000@fledge.watson.org> <4.1.19991114153939.046249a0@granite.sentex.ca> <19991114165649.A95613@osaka.louisville.edu>

On Sun, Nov 14, 1999 at 04:56:49PM -0500, Keith Stevenson wrote:
> 
> I get the impression from the Bugtraq post that only SSH linked against
> RSAREF is vulnerable.  Pity that those of us in the US are required to use 
> the buggy code.

(Replying to myself)

Oops.  I think I gave the wrong impression.  As I understand it the bug is
in the interaction between SSH 1.2.27 and the library call to RSAREF.  The
combination is buggy, not RSAREF.


-- 
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint =  4B 29 A8 95 A8 82 EA A2  29 CE 68 DE FC EE B6 A0

