---------- Forwarded message ---------- Date: Thu, 7 Mar 2002 15:39:12 +0100 From: Jochem Kossen <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: OpenSSH root hole Yup, a new hole has been found in OpenSSH... Impact: HIGH: Existing users will gain root privileges. The advisory at http://www.pine.nl/advisories/pine-cert-20020301.txt says the FreeBSD OpenSSH port has been updated. Does anyone know when OpenSSH in base will be updated? The hole scares me a bit, although the patch is extremely small :) --- channels_old.c Mon Mar 4 02:07:06 2002 +++ channels.c Mon Mar 4 02:07:16 2002 @@ -151,7 +151,7 @@ channel_lookup(int id) { Channel *c; - if (id < 0 || id > channels_alloc) { + if (id < 0 || id >= channels_alloc) { log("channel_lookup: %d: bad id", id); return NULL; } To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-security" in the body of the message _______________________________________________ Bits mailing list [EMAIL PROTECTED] http://www.sugoi.org/mailman/listinfo/bits
