oss-sec mailing list archives
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Fri, 15 Jan 2016 16:56:13 +0100
Great work Qualys. One question about the PoC: On Thu, Jan 14, 2016 at 6:13 PM, Qualys Security Advisory <qsa () qualys com> wrote:
# env ROAMING="heap_massaging:linux" "`pwd`"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
Does your proof of concept patch actually include support for this heap_massaging mode? Thanks, Jason
Current thread:
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778, (continued)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Florian Weimer (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yann Droneaud (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Rich Felker (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Florian Weimer (Jan 18)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yann Droneaud (Jan 20)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yann Droneaud (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Florian Weimer (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yves-Alexis Perez (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jason A. Donenfeld (Jan 15)