Upcoming OpenSSH vulnerability

Corinna Vinschen vinschen at redhat.com
Tue Jun 25 18:34:33 EST 2002


On Mon, Jun 24, 2002 at 11:06:31PM +0200, Markus Friedl wrote:
> On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote:
> > However, I can say that when OpenSSH's sshd(8) is running with priv
> > seperation, the bug cannot be exploited.

I hope that you're working on getting that bug fixed also for
systems which aren't able to support privsep due to system constraints.

The Cygwin version of OpenSSH can't support it since sendmsg()/recvmsg()
currently can't transmit file descriptors.

Can we expect a bug fix which helps also for non-privsep'd sshds?

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com



More information about the openssh-unix-dev mailing list