OpenSSH 3.7 released
Pekka Savola
pekkas at netcore.fi
Wed Sep 17 05:49:09 EST 2003
On Tue, 16 Sep 2003, Markus Friedl wrote:
> Security Changes:
> =================
>
> All versions of OpenSSH's sshd prior to 3.7 contain a buffer
> management error. It is uncertain whether this error is
> potentially exploitable, however, we prefer to see bugs
> fixed proactively.
>
> OpenSSH 3.7 fixes this bug.
My (very!) quick look at this would seem to indicate that buffer_append()
is not called with any useful or user-given input before TCP wrappers
checks are activated.
Has anyone (else) looked into this?
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the openssh-unix-dev
mailing list