Re: ssh vulnerability in the wild

To: Steve Suehring <sec@braingia.org>
Cc: Alexander Neumann <alexander@bumpern.de>, <debian-security@lists.debian.org>
Subject: Re: ssh vulnerability in the wild
From: Thomas Horsten <thomas@horsten.com>
Date: Tue, 16 Sep 2003 16:49:19 +0100 (BST)
Message-id: <[🔎] Pine.LNX.4.40.0309161647460.6544-100000@jehova.dsm.dk>
In-reply-to: <[🔎] 20030916153252.GA9904@mail.braingia.org>

On Tue, 16 Sep 2003, Steve Suehring wrote:

> Actually, there is a patch for buffer.c:
> http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h
>
> I've applied that patch to woody's ssh source, rebuilt it, and installed
> it on a number of servers already.  Hopefully that's the patch for this
> particular exploit.  Not having seen the source code for the exploit, I
> have no idea what is being exploited.

Thanks, apt-get upgrade worked for me. I guess we'll find out soon enough
if it was the correct patch...

Good work on getting it integrated so quickly!

Regards,
Thomas

Reply to:

Follow-Ups:
- Re: ssh vulnerability in the wild
  - From: Steve Suehring <sec@braingia.org>

References:
- Re: ssh vulnerability in the wild
  - From: Steve Suehring <sec@braingia.org>

Prev by Date: Re: OpenSSH
Next by Date: Re: ssh vulnerability in the wild
Previous by thread: Re: ssh vulnerability in the wild
Next by thread: Re: ssh vulnerability in the wild
Index(es):
- Date
- Thread