Full Disclosure mailing list archives

Re: new ssh exploit?

From: Valdis.Kletnieks () vt edu
Date: Wed, 17 Sep 2003 15:40:11 -0400

On Tue, 16 Sep 2003 16:45:05 EDT, Valdis.Kletnieks () vt edu said:

On Tue, 16 Sep 2003 13:13:51 EDT, "Jonathan A. Zdziarski" <jonathan@nuclearel

ephant.com>  said:

Does anyone know if this vulnerability is present in the free
noncommercial ssh distribution from ssh.fi?


Looking at the relevant code in ssh 3.2.5, it appears not, as the ssh.com code
was already using a temp variable the same way that the openssh code added one.


I have *NOT* looked at the 3.7.1 patch, which I got notice of after I wrote that.

Attachment: _bin
Description:

Current thread:

Re: new ssh exploit?, (continued)
- - - Re: new ssh exploit? Florian Weimer (Sep 16)
    - Re: new ssh exploit? Michael 'Moose' Dinn (Sep 16)
    - RE: new ssh exploit? Aditya (Sep 17)
    - Re: new ssh exploit? Cael Abal (Sep 17)
- Re: new ssh exploit? christopher neitzert (Sep 15)
  - Re: new ssh exploit? Adam Shostack (Sep 15)
    - Re: new ssh exploit? Justin Kreger (Sep 15)
    - Re: new ssh exploit? Ron DuFresne (Sep 16)
    - Re: new ssh exploit? Jonathan A. Zdziarski (Sep 16)
    - Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
    - Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
  - Re: new ssh exploit? Ron DuFresne (Sep 16)
    - Re: new ssh exploit? Bennett Todd (Sep 16)
    - Re: new ssh exploit? Ron DuFresne (Sep 16)
    - Re: new ssh exploit? Bennett Todd (Sep 16)
    - Re: new ssh exploit? Blue Boar (Sep 16)
    - Re: new ssh exploit? Bennett Todd (Sep 17)
    - Re: new ssh exploit? Bennett Todd (Sep 18)
    - Re: new ssh exploit? Damian Gerow (Sep 18)
    - Re: new ssh exploit? Bennett Todd (Sep 18)
    - Re: new ssh exploit? Damian Gerow (Sep 18)

(Thread continues...)