Bugtraq mailing list archives

Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)


From: green () FREEBSD ORG (Brian Fundakowski Feldman)
Date: Sun, 14 Nov 1999 19:23:52 -0500


On Sat, 13 Nov 1999, Theo de Raadt wrote:

> The upcoming OpenBSD 2.6 release contains/includes an ssh implementation
> which is derived from an earlier ssh 1 (and thus has no Datafellows
> licencing issues).  We are calling this ssh by the name "OpenSSH".
>
> Anyways, in the process of rewriting parts of ssh, the OpenSSH
> developers accidentally fixed this bug.  Whoops! :-)

I'd like people to note that, in FreeBSD, you should be using the
"OpenSSH-1.2" package, ports/security/openssh.  This is a direct port
of the OpenSSH source from the OpenBSD CVS, and as such is that much
more secure than plain SSH, and OpenSSH should be used instead where
possible.

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green () FreeBSD org                    `------------------------------'


