Full Disclosure mailing list archives
Re: new ssh exploit?
From: Valdis.Kletnieks () vt edu
Date: Wed, 17 Sep 2003 15:40:11 -0400
On Tue, 16 Sep 2003 16:45:05 EDT, Valdis.Kletnieks () vt edu said:
On Tue, 16 Sep 2003 13:13:51 EDT, "Jonathan A. Zdziarski" <jonathan@nuclearel
ephant.com> said:
Does anyone know if this vulnerability is present in the free noncommercial ssh distribution from ssh.fi?Looking at the relevant code in ssh 3.2.5, it appears not, as the ssh.com code was already using a temp variable the same way that the openssh code added one.
I have *NOT* looked at the 3.7.1 patch, which I got notice of after I wrote that.
Attachment:
_bin
Description:
Current thread:
- Re: new ssh exploit?, (continued)
- Re: new ssh exploit? Florian Weimer (Sep 16)
- Re: new ssh exploit? Michael 'Moose' Dinn (Sep 16)
- RE: new ssh exploit? Aditya (Sep 17)
- Re: new ssh exploit? Cael Abal (Sep 17)
- Re: new ssh exploit? Adam Shostack (Sep 15)
- Re: new ssh exploit? Justin Kreger (Sep 15)
- Re: new ssh exploit? Ron DuFresne (Sep 16)
- Re: new ssh exploit? Jonathan A. Zdziarski (Sep 16)
- Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
- Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
- Re: new ssh exploit? Bennett Todd (Sep 16)
- Re: new ssh exploit? Ron DuFresne (Sep 16)
- Re: new ssh exploit? Bennett Todd (Sep 16)
- Re: new ssh exploit? Blue Boar (Sep 16)
- Re: new ssh exploit? Bennett Todd (Sep 17)
- Re: new ssh exploit? Bennett Todd (Sep 18)
- Re: new ssh exploit? Damian Gerow (Sep 18)
- Re: new ssh exploit? Bennett Todd (Sep 18)
- Re: new ssh exploit? Damian Gerow (Sep 18)