Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 1 Nov 1998 19:03:42 -0500 (EST)
From:      "Matthew N. Dodd" <winter@jurai.net>
To:        "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: SSH vsprintf patch. (You've been warned Mr. Glass) 
Message-ID:  <Pine.BSF.4.02.9811011900000.17054-100000@sasami.jurai.net>
In-Reply-To: <21420.909964705@time.cdrom.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 1 Nov 1998, Jordan K. Hubbard wrote:
> > Look for details on this tomorrow but here is a patch that addresses the
> > vsprintf calls in ssh 1.2.26.
> 
> Is there a provable exploit for this also?

Not that I've seen.  One is rumored to be floating around.

The previous message (forwarded from rootshell to -security by someone
else) has most of the info I've seen.

I'll attempt to find out more from Alan Cox the next time he jumps on irc.

-- 
| Matthew N. Dodd  | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS |
| winter@jurai.net |      This Space For Rent     | ix86,sparc,m68k,pmax,vax  |
| http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage?   |


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02.9811011900000.17054-100000>