OpenSSH Security Advisory (adv.channelalloc) (fwd)
Pekka Savola
pekkas at netcore.fi
Fri Mar 8 02:00:53 EST 2002
whoops, not announce.
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
---------- Forwarded message ----------
Date: Thu, 7 Mar 2002 16:59:38 +0200 (EET)
From: Pekka Savola <pekkas at netcore.fi>
To: Markus Friedl <markus at openbsd.org>
Cc: openssh-unix-announce at mindrot.org
Subject: Re: OpenSSH Security Advisory (adv.channelalloc)
On Thu, 7 Mar 2002, Markus Friedl wrote:
> 2. Impact:
>
> This bug can be exploited locally by an authenticated user
> logging into a vulnerable OpenSSH server
Can you elaborate a bit what this means..? I'm mostly puzzled about the
use of the word 'locally' as it seems to contradict with logging into,
unless e.g. IP source and destination must be equal or something.
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
More information about the openssh-unix-dev
mailing list