From owner-freebsd-security Tue Jun 25 12:38:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from nef.ens.fr (nef.ens.fr [129.199.96.32]) by hub.freebsd.org (Postfix) with ESMTP id 0612337B406; Tue, 25 Jun 2002 12:38:30 -0700 (PDT) Received: from corto.lpt.ens.fr (corto.lpt.ens.fr [129.199.122.2]) by nef.ens.fr (8.10.1/1.01.28121999) with ESMTP id g5PJcSo86735 ; Tue, 25 Jun 2002 21:38:28 +0200 (CEST) Received: from (rsidd@localhost) by corto.lpt.ens.fr (8.9.3/jtpda-5.3.1) id VAA24441 ; Tue, 25 Jun 2002 21:38:27 +0200 (CEST) Date: Tue, 25 Jun 2002 21:38:27 +0200 From: Rahul Siddharthan To: Erick Mechler Cc: Doug Barton , Michael Richards , security@FreeBSD.ORG Subject: Re: Upcoming OpenSSH vulnerability Message-ID: <20020625213826.A24278@lpt.ens.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020625121915.P21793@techometer.net> X-Operating-System: FreeBSD 3.4-STABLE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Erick Mechler wrote: > :: > After reviewing the code of the new 3.3.1p I've located a very simple > :: > yet obscure root exploit for this new version > :: > :: Can we safely assume that you've made the openssh developers aware of > :: your findings? > > Michael, Doug, any word on the status of this? Have the OpenSSH developers > been notified of this? Reading the rest of that mail, I get the impression it was some sort of dumb joke/rhetorical statement, he didn't really have an exploit... - Rahul To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message