From: Avleen Vig
To: Colin Percival
Cc: freebsd-security@freebsd.org, Theo de Raadt
Date: Sat, 7 Oct 2006 12:12:16 -0700
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
Message-ID: <20061007191216.GX941@silverwraith.com>
In-Reply-To: <452183B1.7000306@freebsd.org>

On Mon, Oct 02, 2006 at 02:25:05PM -0700, Colin Percival wrote:
> Theo de Raadt wrote:
> >> The OpenSSH project believe that the race condition can lead to a Denial
> >> of Service or potentially remote code execution
> >                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > Bullshit. Where did anyone say this?
>
> The OpenSSH 4.4 release announcement says that, actually:
>
>  * Fix an unsafe signal handler reported by Mark Dowd. The signal
>    handler was vulnerable to a race condition that could be exploited
>    to perform a pre-authentication denial of service. On portable
>    OpenSSH, this vulnerability could theoretically lead to
>                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>    pre-authentication remote code execution if GSSAPI authentication
>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>    is enabled, but the likelihood of successful exploitation appears
>    remote.

Theo: Maybe you should put people in charge who can read their own release
announcements before flaming a mailing list.