Bug CVE-2005-2797

Darren Tucker dtucker at zip.com.au
Tue Jan 20 16:55:16 EST 2009


karthikeyan S wrote:
> Hi Everyone,
> 
> I am using openssh 4.0 in a product, which is affected by
> CVE-2005-2797 (If DynamicForward option is activated, GatewayPorts is
> also unconditionally enabled). I am trying to backport the fix for
> this from 4.2 to 4.0. I have been finding the difference between 4.2
> and 4.1 and the only change that looks relevant to this bug, to me is
> the changes made in the file readconf.c with the following change
> 
> +fwd.listen_host = NULL;
> -fwd.listen_host  = "";
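Review bot: the replacement on the `+fwd.listen_host = NULL;` line changes the stored value from an empty string to NULL, and code that reads `fwd.listen_host` will see those as two different states. Before applying this to the 4.0 tree, check that every place that reads `listen_host` there accepts a NULL pointer. The two lines are also quoted without a file header or `@@` context, and the reply names both ssh.c rev 1.235 and readconf.c rev 1.118, so the backport should carry the ssh.c change along with this readconf.c line rather than this line alone.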
> 
> Could you please tell me if this was indeed the fix made for this bug?
> Or if there is a patch for this, could you please point me to that patch?
> Thanks in advance.

It was a while back but from the cvs history it looks like it was ssh.c 
rev 1.235 and readconf.c rev 1.118.

http://anoncvs.mindrot.org/index.cgi/openssh/ssh.c?r1=1.234&r2=1.235
http://anoncvs.mindrot.org/index.cgi/openssh/readconf.c?r1=1.117&r2=1.118

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

