[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenSSH Security Advisory: buffer.adv
In some mail from Dries Schellekens, sie said:
> On Wed, 17 Sep 2003, Markus Friedl wrote:
> > This is the 2nd revision of the Advisory.
> > This document can be found at: http://www.openssh.com/txt/buffer.adv
> > 1. Versions affected:
> > All versions of OpenSSH's sshd prior to 3.7.1 contain buffer
> > management errors. It is uncertain whether these errors are
> > potentially exploitable, however, we prefer to see bugs
> > fixed proactively.
> > Other implementations sharing common origin may also have
> > these issues.
> How was the bug discovered? No credits are provided in the advisory.
The only advisory I've seen claim to have "discovered" it has been the
ISS X-Force one...