Date: Tue, 5 Oct 1999 10:44:24 +0400 From: Igor Vinokurov <igor@rtsnet.ru> To: freebsd-security@freebsd.org Subject: Re: ssh 1.2.27 vulnerability Message-ID: <19991005104423.A18207@shogun.rtsnet.ru>
next in thread | raw e-mail | index | archive | help
Ollivier Robert <roberto@keltia.freenix.fr> wrote:
> > Can someone from FreeBSD Team prove to be true/deny presence
> > of a problem? And if the problem is - to recommend workaround?
>
> AFAIK the problem is on SSH side but a workaround to this problem was
> committed in FreeBSD recently. Watch the commit logs.
Thank you.
---
From: Guido van Rooij <guido@FreeBSD.org>
Message-ID: <199909292109.OAA00913@freefall.freebsd.org>
Date: Wed, 29 Sep 1999 14:09:42 -0700 (PDT)
Subject: cvs commit: src/sys/kern uipc_usrreq.c
guido 1999/09/29 14:09:42 PDT
Modified files:
sys/kern uipc_usrreq.c
Log:
Do not follow symlinks when binding a unix domain socket.
This fixes the ssh 1.2.27 vulnerability as reported in bugtraq.
Revision Changes Path
1.49 +2 -2 src/sys/kern/uipc_usrreq.c
---
--
Igor Vinokurov
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991005104423.A18207>