Bugtraq mailing list archives
Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)
From: green () FREEBSD ORG (Brian Fundakowski Feldman)
Date: Sun, 14 Nov 1999 19:23:52 -0500
On Sat, 13 Nov 1999, Theo de Raadt wrote:
The upcoming OpenBSD 2.6 release contains/includes an ssh implimentation which is derived from an earlier ssh 1 (and thus has no Datafellows licencing issues). We are calling this ssh by the name "OpenSSH". Anyways, in the process of rewriting parts of ssh, the OpenSSH developers accidentally fixed this bug. Whoops! :-)
I'd like people to note that, in FreeBSD, you should be using the "OpenSSH-1.2" package, ports/security/openssh. This is a direct port of the OpenSSH source from the OpenBSD CVS, and as such is that much more secure than plain SSH, and OpenSSH should be used instead where possible. -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green () FreeBSD org `------------------------------'
Current thread:
- ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Blue Boar (Nov 13)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Theo de Raadt (Nov 13)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Szilveszter Adam (Nov 14)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Brian Fundakowski Feldman (Nov 14)
- BIND 8.2.2-P5 release announcement Roger Fajman (Nov 13)
- <Possible follow-ups>
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Oystein Viggen (Nov 16)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Daniel Jacobowitz (Nov 16)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Jochen Bauer (Nov 16)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Nick Craig-Wood (Nov 18)
- ProFTPd - mod_sqlpw.c Todd C. Campbell (Nov 19)
- Pandora v4 Beta 2 Software Simple Nomad (Nov 19)
- Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Ussr Labs (Nov 16)
- Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Seth R Arnold (Nov 17)
- Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Marc (Nov 17)
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7) Theo de Raadt (Nov 13)