Educause Security Discussion mailing list archives
OpenSSH and Sendmail Holes
From: stanislav shalunov <shalunov () INTERNET2 EDU>
Date: Wed, 17 Sep 2003 15:44:52 -0400
These three problems were not mentioned here, they came out in last two days and are important: remote root compromises of widespread and important daemons (electronic mail and secure shell) are possible. Yesterday, a buffer management problem was found in OpenSSH. OpenSSH 3.7 was released to fix the hole. It didn't get everything. More related problems were found today, and OpenSSH 3.7.1 was released. Source patches at http://www.openssh.com/txt/buffer.adv Today, a new vulnerability in sendmail address parsing code was disclosed. It affects all versions up to 8.12.9. Sendmail 8.12.10 fixes this problem. http://www.sendmail.org/8.12.10.html -- Stanislav Shalunov http://www.internet2.edu/~shalunov/ "The power of accurate observation is commonly called cynicism by those who have not got it." -- G. B. Shaw ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- OpenSSH and Sendmail Holes stanislav shalunov (Sep 17)