Bug CVE-2005-2797

karthikeyan S karthispeaks at gmail.com
Tue Jan 20 04:42:30 EST 2009


Hi Everyone,

I am using openssh 4.0 in a product, which is affected by
CVE-2005-2797 (If DynamicForward option is activated, GatewayPorts is
also unconditionally enabled). I am trying to backport the fix for
this from 4.2 to 4.0. I have been finding the difference between 4.2
and 4.1 and the only change that looks relevant to this bug, to me is
the changes made in the file readconf.c with the following change

+fwd.listen_host = NULL;
-fwd.listen_host  = "";

Could you please tell me if this was indeed the fix made for this bug?
Or if there is a patch for this, could you please point me that patch?
Thanks in advance.

-karthik


More information about the openssh-unix-dev mailing list