Date: Tue, 5 Oct 1999 10:44:24 +0400
From: Igor Vinokurov
To: freebsd-security@freebsd.org
Subject: Re: ssh 1.2.27 vulnerability
Message-ID: <19991005104423.A18207@shogun.rtsnet.ru>

Ollivier Robert wrote:

> > Can someone from FreeBSD Team prove to be true/deny presence
> > of a problem? And if the problem is - to recommend workaround?
>
> AFAIK the problem is on SSH side but a workaround to this problem was
> committed in FreeBSD recently. Watch the commit logs.

Thank you.

---
From: Guido van Rooij
Message-ID: <199909292109.OAA00913@freefall.freebsd.org>
Date: Wed, 29 Sep 1999 14:09:42 -0700 (PDT)
Subject: cvs commit: src/sys/kern uipc_usrreq.c

guido       1999/09/29 14:09:42 PDT

  Modified files:
    sys/kern             uipc_usrreq.c
  Log:
  Do not follow symlinks when binding a unix domain socket.
  This fixes the ssh 1.2.27 vulnerability as reported in bugtraq.

  Revision  Changes    Path
  1.49      +2 -2      src/sys/kern/uipc_usrreq.c
---

--
Igor Vinokurov
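A regression check for the behaviour the commit log describes, added here as an example and not taken from the FreeBSD commit or from the thread: it binds a unix domain socket to a dangling symlink in a scratch directory and reports whether the link's target was created. The function name `bind_follows_symlink` and the `/tmp/bindlnk.*` paths are constructed for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Returns 0 if bind() left the symlink's target uncreated (link not followed),
 * 1 if a socket appeared at the target, -1 if the scratch setup failed. */
int bind_follows_symlink(void)
{
    char dir[] = "/tmp/bindlnk.XXXXXX";      /* constructed scratch directory */
    char lnk[64], tgt[64];
    struct sockaddr_un sa;
    struct stat st;
    int fd, rc, err, followed;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(lnk, sizeof lnk, "%s/sock", dir);
    snprintf(tgt, sizeof tgt, "%s/target", dir);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0 || symlink(tgt, lnk) != 0) {  /* dangling link: no target yet */
        if (fd >= 0)
            close(fd);
        unlink(lnk);
        rmdir(dir);
        return -1;
    }
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strncpy(sa.sun_path, lnk, sizeof sa.sun_path - 1);

    rc = bind(fd, (struct sockaddr *)&sa, sizeof sa);
    err = errno;                             /* save before lstat() clobbers it */
    followed = (lstat(tgt, &st) == 0);       /* did a socket appear at the target? */
    printf("bind: %s; target %s\n", rc ? strerror(err) : "ok",
           followed ? "created" : "absent");

    close(fd);
    unlink(tgt);                             /* only present if the link was followed */
    unlink(lnk);
    rmdir(dir);
    return followed ? 1 : 0;
}

int main(void)
{
    return bind_follows_symlink() == 0 ? 0 : 1;
}
```

On a kernel that does not follow symlinks in `bind()`, the call fails because the path already exists and the program exits 0.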