
Re: ssh vulnerability



On Fri, Oct 19, 2001 at 03:26:18PM -0800, Ethan Benson wrote:
> On Fri, Oct 19, 2001 at 06:06:34PM -0400, ahall@secureworks.net wrote:
> > Has debian released a new ssh dpkg yet?
> 
> no

If this is about the buffer overflow exploit that's supposed to be
going around now, wasn't this fixed in the following:

openssh (1:1.2.3-9.2) stable; urgency=high

  * Non-maintainer upload by Security Team
  * Added backported fix for a buffer overflow (thanks to Piotr
    Roszatycki)
  * Added modified build dependencies from unstable for convenience
  * Added patch that fixes an rsa key exchange problem made public by CORE
    SDI.

 -- Martin Schulze <joey@debian.org>  Thu,  8 Feb 2001 22:15:04 +0100

If it's a different exploit entirely, please ignore.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu


