[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenSSH Security Advisory: buffer.adv

To: gwyllion@ace.ulyssis.org (Dries Schellekens)
Subject: Re: OpenSSH Security Advisory: buffer.adv
From: Darren Reed <avalon@caligula.anu.edu.au>
Date: Wed, 17 Sep 2003 11:39:15 +1000 (Australia/ACT)
Cc: markus@openbsd.org (Markus Friedl), misc@openbsd.org

In some mail from Dries Schellekens, sie said:
> 
> On Wed, 17 Sep 2003, Markus Friedl wrote:
> 
> > This is the 2nd revision of the Advisory.
> >
> > This document can be found at:  http://www.openssh.com/txt/buffer.adv
> >
> > 1. Versions affected:
> >
> >         All versions of OpenSSH's sshd prior to 3.7.1 contain buffer
> >         management errors.  It is uncertain whether these errors are
> >         potentially exploitable, however, we prefer to see bugs
> >         fixed proactively.
> >
> >         Other implementations sharing common origin may also have
> >         these issues.
> 
> How was the bug discovered? No credits are provided in the advisory.

The only advisory I've seen claim to have "discovered" it has been the
ISS X-Force one...

Darren

Follow-Ups:
- Re: OpenSSH Security Advisory: buffer.adv
  - From: Dries Schellekens <gwyllion@ace.ulyssis.org>

References:
- Re: OpenSSH Security Advisory: buffer.adv
  - From: Dries Schellekens <gwyllion@ace.ulyssis.org>

Prev by Date: Re: OpenSSH Security Advisory: buffer.adv
Next by Date: Re: 3.4 CDs
Prev by thread: Re: OpenSSH Security Advisory: buffer.adv
Next by thread: Re: OpenSSH Security Advisory: buffer.adv
Index(es):
- Date
- Thread