Re: ssh vulnerability in the wild

To: Ted Roby <secalert@tedroby.com>
Cc: debian-security@lists.debian.org
Subject: Re: ssh vulnerability in the wild
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 16 Sep 2003 19:13:09 +0200
Message-id: <[🔎] 87d6e07j2y.fsf@deneb.enyo.de>
Mail-followup-to: Ted Roby <secalert@tedroby.com>, debian-security@lists.debian.org
In-reply-to: <[🔎] D79968A2-E861-11D7-8540-0003931D9B5A@tedroby.com> (Ted Roby's message of "Tue, 16 Sep 2003 09:21:35 -0700")
References: <[🔎] D79968A2-E861-11D7-8540-0003931D9B5A@tedroby.com>

Ted Roby <secalert@tedroby.com> writes:

> Does this vulnerability require a login? Is a system safe if it does not
> allow root login, and password logins?

Nobody knows the answer at the moment.  There isn't any obvious way to
exploit the overflow (mind that the attacker cannot write arbitrary
data, just a couple of zeros), and I still doubt if it is exploitable
at all.

Reply to:

Follow-Ups:
- Re: ssh vulnerability in the wild
  - From: Josh Carroll <josh.carroll@psualum.com>

References:
- Re: ssh vulnerability in the wild
  - From: Ted Roby <secalert@tedroby.com>

Prev by Date: Re: [d-security] Re: ssh vulnerability in the wild
Next by Date: Re: [d-security] Re: ssh vulnerability in the wild
Previous by thread: Re: ssh vulnerability in the wild
Next by thread: Re: ssh vulnerability in the wild
Index(es):
- Date
- Thread