Date: Sun, 14 Nov 1999 17:06:41 -0500
From: Mike Tancsa <mike@sentex.net>
To: Keith Stevenson <k.stevenson@louisville.edu>, freebsd-security@FreeBSD.ORG
Subject: Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)
Message-ID: <4.1.19991114170427.0480a7b0@granite.sentex.ca>
In-Reply-To: <19991114165943.B95613@osaka.louisville.edu>
References: <19991114165649.A95613@osaka.louisville.edu> <4.1.19991114000355.04d7f230@granite.sentex.ca> <Pine.BSF.3.96.991114133831.48981B-100000@fledge.watson.org <4.1.19991114153939.046249a0@granite.sentex.ca> <19991114165649.A95613@osaka.louisville.edu>

At 04:59 PM 11/14/99, Keith Stevenson wrote:
>On Sun, Nov 14, 1999 at 04:56:49PM -0500, Keith Stevenson wrote:
>>
>> I get the impression from the Bugtraq post that only SSH linked against
>> RSAREF is vulnerable. Pity that those of us in the US are required to use
>> the buggy code.
>
>(Replying to myself)
>
>Oops. I think I gave the wrong impression. As I understand it the bug is
>in the interaction between SSH 1.2.27 and the library call to RSAREF. The
>combination is buggy, not RSAREF.

For Canada and the USA, this is the default install combination, no? I guess a lot of sites will need to be patched out there :-(

        ---Mike
**********************************************************************
Mike Tancsa, Network Admin        *  mike@sentex.net
Sentex Communications Corp,       *  http://www.sentex.net/mike
Cambridge, Ontario                *  01.519.651.3400
Canada                            *