[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] new ssh exploit?

To: "Jonathan A. Zdziarski" <jonathan@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] new ssh exploit?
From: Valdis.Kletnieks@xxxxxx
Date: Wed, 17 Sep 2003 15:40:11 -0400

On Tue, 16 Sep 2003 16:45:05 EDT, Valdis.Kletnieks@xxxxxx said:

> On Tue, 16 Sep 2003 13:13:51 EDT, "Jonathan A. Zdziarski" <jonathan@nuclearel
ephant.com>  said:
> > Does anyone know if this vulnerability is present in the free
> > noncommercial ssh distribution from ssh.fi?
> 
> Looking at the relevant code in ssh 3.2.5, it appears not, as the ssh.com code
> was already using a temp variable the same way that the openssh code added 
> one.

I have *NOT* looked at the 3.7.1 patch, which I got notice of after I wrote 
that.

Attachment: pgp00038.pgp
Description: PGP signature

References:
- Re: [Full-Disclosure] new ssh exploit?
  - From: Ron DuFresne
- Re: [Full-Disclosure] new ssh exploit?
  - From: Jonathan A. Zdziarski
- Re: [Full-Disclosure] new ssh exploit?
  - From: Valdis . Kletnieks

Prev by Date: Re: [Full-Disclosure] Verisign abusing .COM/.NET monopoly, BIND releases new
Next by Date: SV: [Full-Disclosure] AMDPatchB & InstallStub
Previous by thread: Re: [Full-Disclosure] new ssh exploit?
Next by thread: Re: [Full-Disclosure] new ssh exploit?
Index(es):
- Date
- Thread