oss-sec mailing list archives
Re: FreeBSD 4.x OpenSSH/libopie remote root hole
From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 5 Jul 2011 11:36:36 +0200
On Tue, Jul 05, 2011 at 03:09:06AM +0400, Solar Designer wrote:
> Hi,
>
> I'd be interested in more detail on this bug. So far, the closest to a
> description of the bug that I saw is this:
>
> http://lists.openwall.net/full-disclosure/2011/07/01/4
>
> but it's not enough. I'd like to learn not only on my own, but also on
> others' mistakes. ;-) And for this purpose it does not matter how old
> the software is and whether it is still supported or not.
>
> Colin - any comments from you? I realize the bug is not yours, but
> perhaps you're one of the few people who have figured it out now, for a
> reason similar to mine.
>
> Red Hat - a lesson for you might be to stop linking sshd against so many
> libraries (over 20 last time I checked). Don't wait until your remote
> root, really. ;-) Yes, this means dropping some functionality,

What a true word, probably not just for RedHat.

-s

--

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team

---
SUSE LINUX Products GmbH,
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany