[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] new ssh exploit?

To: "Jonathan A. Zdziarski" <jonathan@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] new ssh exploit?
From: Valdis.Kletnieks@xxxxxx
Date: Tue, 16 Sep 2003 16:45:05 -0400

On Tue, 16 Sep 2003 13:13:51 EDT, "Jonathan A. Zdziarski" 
<jonathan@xxxxxxxxxxxxxxxxxxx>  said:
> Does anyone know if this vulnerability is present in the free
> noncommercial ssh distribution from ssh.fi?

Looking at the relevant code in ssh 3.2.5, it appears not, as the ssh.com code
was already using a temp variable the same way that the openssh code added one.

Attachment: pgp00035.pgp
Description: PGP signature

Follow-Ups:
- Re: [Full-Disclosure] new ssh exploit?
  - From: Valdis . Kletnieks

References:
- Re: [Full-Disclosure] new ssh exploit?
  - From: Ron DuFresne
- Re: [Full-Disclosure] new ssh exploit?
  - From: Jonathan A. Zdziarski

Prev by Date: [Full-Disclosure] [SECURITY] [DSA-383-1] OpenSSH buffer management fix
Next by Date: RE: [Full-Disclosure] Lun_mountd.c vs mounty.c
Previous by thread: Re: [Full-Disclosure] new ssh exploit?
Next by thread: Re: [Full-Disclosure] new ssh exploit?
Index(es):
- Date
- Thread