Re: ssh vulnerability in the wild
On Tue, 16 Sep 2003, Steve Suehring wrote:
> Actually, there is a patch for buffer.c:
> http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h
>
> I've applied that patch to woody's ssh source, rebuilt it, and installed
> it on a number of servers already. Hopefully that's the patch for this
> particular exploit. Not having seen the source code for the exploit, I
> have no idea what is being exploited.
Thanks, apt-get upgrade worked for me. I guess we'll find out soon enough
if it was the correct patch...
Good work on getting it integrated so quickly!
Regards,
Thomas
Reply to: