On Tue, 16 Sep 2003, Michael Scherer wrote: > On Tuesday 16 September 2003 22:15, Jan Ciger wrote: > > Han Boetes wrote: > > | Always fun in the #openbsd channel. Always some people who want to > > | make it seems like the end of the world and the next worldwar. > > > > Ehm, there are reports that it lead to root compromise already, so I > > would execute extreme caution about this one. Considering that SSH is > > on almost every Unix system, this may be a major issue. > > well, after reading the diff > http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h > > i see that some memory that shouldn't be freed is freed, thus probably > crashing sshs ( which is annoying, if you do not use ssh_monitor ). > But, i do not see how someone can use this to inject a shellcode, but > maybe time will prove i am wrong. > > > > | The text is very clear though: > > | > > | > > | All versions of OpenSSH's sshd prior to 3.7 contain a buffer > > | management error. It is uncertain whether this error is > > | potentially exploitable, however, we prefer to see bugs > > | fixed proactively. > > > > This just means, that they do not know about the exploit yet :-( Not > > that your machine cannot be compromised. > > the same can be say about any server. > > FYI, I see updates are already on mandrakesecure. Did we beat RH this time?
d.