From owner-freebsd-security  Tue Jun 25  2:39:30 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34])
	by hub.freebsd.org (Postfix) with ESMTP id E768437B675
	for <security@FreeBSD.ORG>; Tue, 25 Jun 2002 02:35:01 -0700 (PDT)
Received: from FreeBSD.org (socks1.yahoo.com [216.145.50.200])
	by mail-relay1.yahoo.com (Postfix) with ESMTP
	id 7DE878B5BF; Tue, 25 Jun 2002 02:35:01 -0700 (PDT)
Message-ID: <3D183942.6FF6C3B4@FreeBSD.org>
Date: Tue, 25 Jun 2002 02:34:58 -0700
From: Doug Barton <DougB@FreeBSD.org>
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.79 [en] (X11; U; FreeBSD 4.6-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Michael Richards <michael@fastmail.ca>
Cc: security@FreeBSD.ORG
Subject: Re: Upcoming OpenSSH vulnerability
References: <3D17F647.000045.31912@ns.interchange.ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Michael Richards wrote:

> After reviewing the code of the new 3.3.1p I've located a very simple
> yet obscure root exploit for this new version 

Can we safely assume that you've made the openssh developers aware of
your findings?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message