Date:      Sun, 14 Nov 1999 16:56:49 -0500
From:      Keith Stevenson <k.stevenson@louisville.edu>
To:        Mike Tancsa <mike@sentex.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Fwd: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)
Message-ID:  <19991114165649.A95613@osaka.louisville.edu>
In-Reply-To: <4.1.19991114153939.046249a0@granite.sentex.ca>
References:  <4.1.19991114000355.04d7f230@granite.sentex.ca> <Pine.BSF.3.96.991114133831.48981B-100000@fledge.watson.org > <4.1.19991114153939.046249a0@granite.sentex.ca>

On Sun, Nov 14, 1999 at 03:46:00PM -0500, Mike Tancsa wrote:
> 
> I am not so worried at this point about kerb integration, as I don't use it.
> What I am worried about is remote root exploitation.... Or am I missing
> something in the bugtraq post? The poster indicates remote root
> exploitation is difficult, but possible in
> http://www.freebsd.org/cgi/query-pr.cgi?pr=14749
> I have cc'd the official maintainer.  Perhaps he could comment?

I get the impression from the Bugtraq post that only SSH linked against
RSAREF is vulnerable.  Pity that those of us in the US are required to use 
the buggy code.

Regards,
--Keith Stevenson--

-- 
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint =  4B 29 A8 95 A8 82 EA A2  29 CE 68 DE FC EE B6 A0

