Is OpenSSH vulnerable to the ZLIB problem or isn't it?
Markus Friedl
markus at openbsd.org
Thu Apr 4 05:12:23 EST 2002
On Wed, Apr 03, 2002 at 11:08:44AM -0600, Dave Dykstra wrote:
> I'm disappointed that nobody has replied to my question. OpenSSH
> development team, isn't the potential for a remote root exploit something
> that's important to you? Many other tools that use zlib have issued a
> public statement saying they are or they are not vulnerable.
do you have an exploit? how would it look like? what would it do?
sorry, i'm not writing exploits, so i have no idea how such an exploit
should work. however, compress.c now has some code that should
prevent a double free from zlib.
More information about the openssh-unix-dev
mailing list