OpenSSH Security Advisory: buffer.adv
pekkas at netcore.fi
Thu Sep 18 21:32:03 EST 2003
Seem to have merged two hours ago.
Some of those are just cleanups though, e.g. the deattack.c change (at
least, I fail to see how that would change the functional behaviour).
On Thu, 18 Sep 2003, Dries Schellekens wrote:
> On Wed, 17 Sep 2003, Dries Schellekens wrote:
> > Will the 4 extra fixes by Solar Designer be included as well?
> > >From the Owl Changelog
> > 2003/09/17 Package: openssh
> > SECURITY FIX Severity: medium, remote, active
> > Multiple memory management errors have been discovered in OpenSSH, and
> > this update corrects 6 such real or potential errors based on an
> > exhaustive review of the OpenSSH source code for uses of *realloc()
> > functions. At this time, it is uncertain whether and which of these bugs
> > are exploitable. If exploits are possible, due to privilege separation,
> > the worst direct impact should be limited to arbitrary code execution
> > under the sshd pseudo-user account restricted within the chroot jail
> > /var/empty, or under the logged in user account. Reference:
> > http://www.openssh.com/txt/buffer.adv
> So is there no urgent need to include these fixes?
> Dries Schellekens
> email: gwyllion at ulyssis.org
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the openssh-unix-dev