Date: Sun, 01 Nov 1998 16:08:15 -0800 From: "Jordan K. Hubbard" <jkh@time.cdrom.com> To: "Matthew N. Dodd" <winter@jurai.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass) Message-ID: <21498.909965295@time.cdrom.com> In-Reply-To: Your message of "Sun, 01 Nov 1998 19:03:42 EST." <Pine.BSF.4.02.9811011900000.17054-100000@sasami.jurai.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> Not that I've seen. One is rumored to be floating around. Yeah, rumored is the right word. :) > The previous message (forwarded from rootshell to -security by someone > else) has most of the info I've seen. I read that too, yeah. Basically, I've seen evidence of provable buffer overflows (but not proven exploitability of same) and I've seen a hacked site who admins can't think of many other ways to be hacked and are pointing either correctly or incorrectly at ssh as the cause in their first round of theories. Either way, it's just all too guessy for me right now - I'd sure like to see an actual exploit here before declaring this most security scare concluded. :( - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?21498.909965295>