From owner-freebsd-security  Sun Nov  1 16:03:57 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA00764
          for freebsd-security-outgoing; Sun, 1 Nov 1998 16:03:57 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from sasami.jurai.net (sasami.jurai.net [207.153.65.3])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA00722
          for <freebsd-security@FreeBSD.ORG>; Sun, 1 Nov 1998 16:03:51 -0800 (PST)
          (envelope-from winter@jurai.net)
Received: from localhost (winter@localhost)
	by sasami.jurai.net (8.8.8/8.8.7) with SMTP id TAA14397;
	Sun, 1 Nov 1998 19:03:43 -0500 (EST)
Date: Sun, 1 Nov 1998 19:03:42 -0500 (EST)
From: "Matthew N. Dodd" <winter@jurai.net>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass) 
In-Reply-To: <21420.909964705@time.cdrom.com>
Message-ID: <Pine.BSF.4.02.9811011900000.17054-100000@sasami.jurai.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 1 Nov 1998, Jordan K. Hubbard wrote:
> > Look for details on this tomorrow but here is a patch that addresses the
> > vsprintf calls in ssh 1.2.26.
> 
> Is there a provable exploit for this also?

Not that I've seen.  One is rumored to be floating around.

The previous message (forwarded from rootshell to -security by someone
else) has most of the info I've seen.

I'll attempt to find out more from Alan Cox the next time he jumps on irc.

-- 
| Matthew N. Dodd  | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS |
| winter@jurai.net |      This Space For Rent     | ix86,sparc,m68k,pmax,vax  |
| http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage?   |


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message