oss-sec mailing list archives

Re: CVE Request: dropbear sshd daemon 2013.59 release


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 15 Oct 2013 23:52:51 -0600


On 10/11/2013 07:22 PM, Matt Johnston wrote:
> On Thu, Oct 10, 2013 at 11:41:27PM -0600, Kurt Seifried wrote:
>> On 10/10/2013 07:27 AM, Marcus Meissner wrote:
>>> It also has this changes entry which might need one:
>>> - Avoid disclosing existence of valid users through inconsistent delays
>>>   Thanks to Logan Lamb for reporting
>>
>> This one seems to not be as exploitable or did I misread the follow up
>> emails?
>
> This one needs a CVE too, just the link was wrong.
>
> https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a is
> the correct patch.

Please use CVE-2013-4434 for this issue.

> Cheers,
> Matt



-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993