From owner-freebsd-security Wed Jun 26 7:54:10 2002 Delivered-To: freebsd-security@freebsd.org Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by hub.freebsd.org (Postfix) with ESMTP id 21AF037B435 for ; Wed, 26 Jun 2002 07:52:38 -0700 (PDT) Received: (from avalon@localhost) by caligula.anu.edu.au (8.9.3/8.9.3) id AAA26617; Thu, 27 Jun 2002 00:52:33 +1000 (EST) From: Darren Reed Message-Id: <200206261452.AAA26617@caligula.anu.edu.au> Subject: Re: OpenSSH Advisory (was Re: Much ado about nothing.) To: mike@sentex.net (Mike Tancsa) Date: Thu, 27 Jun 2002 00:52:33 +1000 (Australia/ACT) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <5.1.0.14.0.20020626103651.048ec778@marble.sentex.ca> from "Mike Tancsa" at Jun 26, 2002 10:40:05 AM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org From the OpenSSH 3.4 announcement: Changes since OpenSSH 3.3: ============================ Security Changes: ================= All versions of OpenSSH's sshd between 2.9.9 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. OpenSSH 3.4 fixes this bug. In addition, OpenSSH 3.4 adds many checks to detect invalid input and mitigate resource exhaustion attacks. OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled in sshd_config. OpenSSH 3.3 enables UsePrivilegeSeparation by default. In some mail from Mike Tancsa, sie said: > > > Can someone confirm for me that the quote, > > ---------- > Impact: > > OpenBSD, FreeBSD-Current, and other OpenSSH implementations may be > vulnerable to a remote, superuser compromise. > > Affected Versions: > > OpenBSD 3.0 > OpenBSD 3.1 > FreeBSD-Current > OpenSSH 3.0-3.2.3 > > ------------end quote------------- > > would imply that the version 2.9 in STABLE is not vulnerable ? > > > > At 07:23 AM 26/06/2002 -0700, Benjamin Krueger wrote: > > >http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584 > > > >Regards, > > > >-- > >Benjamin Krueger > > > >"Life is far too important a thing ever to talk seriously about." > >- Oscar Wilde (1854 - 1900) > >---------------------------------------------------------------- > >Send mail w/ subject 'send public key' or query for (0x251A4B18) > >Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18 > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message