CVE-2014-1692
Alex Bligh
alex at alex.org.uk
Fri Jan 31 07:59:59 EST 2014
On 30 Jan 2014, at 20:31, Damien Miller wrote:
> oh man, that CVE is nuts.
It starts "The hash_buffer function in schnorr.c in OpenSSH through 6.4,
when Makefile.inc is modified to enable the J-PAKE protocol ..."
If one is allowed to modify files in order to trigger security vulnerabilities,
I think I could find some rather more obvious modifications to do with
rather more serious impacts.
--
Alex Bligh
More information about the openssh-unix-dev
mailing list