CVE-2014-1692

Alex Bligh alex at alex.org.uk
Fri Jan 31 07:59:59 EST 2014


On 30 Jan 2014, at 20:31, Damien Miller wrote:

> oh man, that CVE is nuts.

It starts "The hash_buffer function in schnorr.c in OpenSSH through 6.4,
when Makefile.inc is modified to enable the J-PAKE protocol ..."

If one is allowed to modify files in order to trigger security vulnerabilities,
I think I could find some rather more obvious modifications to do with
rather more serious impacts.

-- 
Alex Bligh

More information about the openssh-unix-dev mailing list