[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh vulnerability in the wild



On Tue, 16 Sep 2003, Steve Suehring wrote:

> Actually, there is a patch for buffer.c:
> http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h
>
> I've applied that patch to woody's ssh source, rebuilt it, and installed
> it on a number of servers already.  Hopefully that's the patch for this
> particular exploit.  Not having seen the source code for the exploit, I
> have no idea what is being exploited.

Thanks, apt-get upgrade worked for me. I guess we'll find out soon enough
if it was the correct patch...

Good work on getting it integrated so quickly!

Regards,
Thomas



Reply to: