oss-sec mailing list archives
Re: FreeBSD 4.x OpenSSH/libopie remote root hole
From: Colin Percival <cperciva () freebsd org>
Date: Mon, 04 Jul 2011 21:24:45 -0700
On 07/04/11 16:09, Solar Designer wrote:
I'd be interested in more detail on this bug. So far, the closest to a description of the bug that I saw is this: http://lists.openwall.net/full-disclosure/2011/07/01/4 but it's not enough. I'd like to learn not only on my own, but also on others' mistakes. ;-) And for this purpose it does not matter how old the software is and whether it is still supported or not. Colin - any comments from you? I realize the bug is not yours, but perhaps you're one of the few people who have figured it out now, for a reason similar to mine.
I haven't had time to investigate, in part because I don't have any systems running that ancient openssh any more. I'm interested to hear if anyone has tracked down exactly where the bug was, though. -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
Current thread:
- FreeBSD 4.x OpenSSH/libopie remote root hole Solar Designer (Jul 04)
- Re: FreeBSD 4.x OpenSSH/libopie remote root hole Colin Percival (Jul 04)
- Re: FreeBSD 4.x OpenSSH/libopie remote root hole Solar Designer (Jul 04)
- Re: FreeBSD 4.x OpenSSH/libopie remote root hole Sebastian Krahmer (Jul 05)
- <Possible follow-ups>
- Re: FreeBSD 4.x OpenSSH/libopie remote root hole Markus Friedl (Jul 06)
- Re: FreeBSD 4.x OpenSSH/libopie remote root hole Colin Percival (Jul 04)