[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenSSH Security Advisory: buffer.adv
On Wed, 17 Sep 2003, Markus Friedl wrote:
> This is the 2nd revision of the Advisory.
> This document can be found at: http://www.openssh.com/txt/buffer.adv
> 1. Versions affected:
> All versions of OpenSSH's sshd prior to 3.7.1 contain buffer
> management errors. It is uncertain whether these errors are
> potentially exploitable, however, we prefer to see bugs
> fixed proactively.
> Other implementations sharing common origin may also have
> these issues.
How was the bug discovered? No credits are provided in the advisory.
The fixes between 3.7 and 3.7.1 were provided by Greg Hudson
(firstname.lastname@example.org) according to CVS log.