[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenSSH Security Advisory: buffer.adv

To: Markus Friedl <markus@openbsd.org>
Subject: Re: OpenSSH Security Advisory: buffer.adv
From: Dries Schellekens <gwyllion@ace.ulyssis.org>
Date: Wed, 17 Sep 2003 03:16:33 +0200 (CEST)
Cc: misc@openbsd.org
References: <20030916231330.GA26489@folly>

On Wed, 17 Sep 2003, Markus Friedl wrote:

> This is the 2nd revision of the Advisory.
>
> This document can be found at:  http://www.openssh.com/txt/buffer.adv
>
> 1. Versions affected:
>
>         All versions of OpenSSH's sshd prior to 3.7.1 contain buffer
>         management errors.  It is uncertain whether these errors are
>         potentially exploitable, however, we prefer to see bugs
>         fixed proactively.
>
>         Other implementations sharing common origin may also have
>         these issues.

How was the bug discovered? No credits are provided in the advisory.
The fixes between 3.7 and 3.7.1 were provided by Greg Hudson
(ghudson@mit.edu) according to CVS log.


Cheers,

Dries
--
Dries Schellekens
email: gwyllion@ulyssis.org

Follow-Ups:
- Re: OpenSSH Security Advisory: buffer.adv
  - From: Darren Reed <avalon@caligula.anu.edu.au>
- Re: OpenSSH Security Advisory: buffer.adv
  - From: Jean-Christophe Sicard <jc@sic-net.ca>

References:
- OpenSSH Security Advisory: buffer.adv
  - From: Markus Friedl <markus@openbsd.org>

Prev by Date: Re: 3.4 CDs
Next by Date: Re: OpenSSH Security Advisory: buffer.adv
Prev by thread: Re: OpenSSH Security Advisory: buffer.adv
Next by thread: Re: OpenSSH Security Advisory: buffer.adv
Index(es):
- Date
- Thread