ssh 1.2.26 Security Vulnarabilities/ patch/ deb package
Florian Lohoff
flo at quit.mediaways.net
Tue Nov 3 10:14:18 CET 1998
On Mon, Nov 02, 1998 at 03:53:32PM +0100, Florian Lohoff wrote:
> Hi,
> ihr habt ja sicher schon die bugs/vulnarabilites in ssh 1.2.26 mitbekommen.
>
> http://news.freshmeat.net/readmore?f=ssh-vulnerability
>
> Ich habe daraufhin mal schnell den von IBM vorgeschlagenen aenderungen
> vorgenommen und daraus einen patch erstellt. U.a. habe ich auch noch
> ein Debian/GNU/Linux 2.0 (glibc2) package erstellt was bereits
> auf einigen kisten von mir laeuft.
>
> Ihr koennt den patch, das 1.2.26(p) tarball und das deb package
> unter
>
> ftp://move.mediaways.net/pub/ssh
Hmmm .. seltsames ding ... gestern Abend scheint IBM den ERS wieder zurueck
gezogen zu haben:
------schnipp--------------------------------------------------------
ERS-SVA-E01-1998:005.1
Buffer overflow condition in "sshd" logging facility.
This advisory was CANCELLED on Nov. 1, 1998 without ever having
been issued. The potential buffer overflow condition described
in the advisory was determined to have been caused by outside
factors, and does not appear to be an exploitable condition in
"sshd." Unfortunately, a draft copy of this advisory was included
in Rootshell Bulletin #25 on Nov. 1, 1998. The contents of this
advisory should be DISREGARDED.
-----------------------schnapp---------------------------------------
Zu finden unter
http://www.ers.ibm.com/tech-info/advisories/sva/1998/index.html
Flo
--
Florian.Lohoff at mediaWays.net +49-5241-80-7085
Good, Fast, Cheap: Pick any two (you can't have all three). (RFC 1925)
More information about the Linux
mailing list