-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rick Warner wrote:
>> I'm not sure I'd equate a 4-month-old remotely exploitable buffer
>> overflow with a locally-exploitable vulnerability (*) that was
>> patched in hours. But that's just my opinion.
>
>Go back and read the reports.
The report to which I referred was from Markus Friedl, and I have
attached it below.

Nobody's arguing that one should not assume the worst. That was, in
fact, my point. But it was also my point that you're comparing a
demonstrated exploit that went unpatched for four months, with a (by
some accounts, but not indicated below) possible remote exploit that
was patched in hours, and using that as a basis to say that OpenSSH is
no more secure than telnet. I don't think that's justified.

And when it comes to who to trust, draw your own conclusions, but it's
a safe bet that Friedl's team will be on top of things. Sun, on the
other hand, has an explicitly stated policy of patching when _they_
feel it's appropriate, and leaving administrators in the lurch for the
duration -- you have no choice but to disable a vulnerable service or
leave it exposed, in this case for several months.
- -d
Markus Friedl wrote:
>
>Date: Thu, 7 Mar 2002 12:56:33 +0100
>From: Markus Friedl <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED], [EMAIL PROTECTED],
> [EMAIL PROTECTED], [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
>Subject: OpenSSH Security Advisory (adv.channelalloc)
>
>
>1. Systems affected:
>
> All versions of OpenSSH between 2.0 and 3.0.2 contain
> an off-by-one error in the channel code.
>
> OpenSSH 3.1 and later are not affected.
>
>2. Impact:
>
> This bug can be exploited locally by an authenticated user
> logging into a vulnerable OpenSSH server or by a malicious
> SSH server attacking a vulnerable OpenSSH client.
>
>3. Solution:
>
> Upgrade to OpenSSH 3.1 or apply the following patch.
>
>4. Credits:
>
> This bug was discovered by Joost Pol <[EMAIL PROTECTED]>
>
>
>Appendix:
>
>Index: channels.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/channels.c,v
>retrieving revision 1.170
>retrieving revision 1.171
>diff -u -r1.170 -r1.171
>--- channels.c 27 Feb 2002 21:23:13 -0000 1.170
>+++ channels.c 4 Mar 2002 19:37:58 -0000 1.171
>@@ -146,7 +146,7 @@
> {
> Channel *c;
>
>- if (id < 0 || id > channels_alloc) {
>+ if (id < 0 || id >= channels_alloc) {
> log("channel_lookup: %d: bad id", id);
> return NULL;
> }
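
Review bot: the corrected bound on the `+` line (`id >= channels_alloc`) should carry a one-line comment stating that valid ids run from 0 to channels_alloc - 1, since nothing in the surrounding lines says why `>` was wrong and the slip is easy to reintroduce. The hunk changes only this one check in channel_lookup (the function named in the log call), so every other place in channels.c that compares an id against channels_alloc before indexing should be checked for the same `>` form. A regression test that looks up id == channels_alloc and expects NULL would pin the boundary down.
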
>
- --
David Talkington
PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.75-6
iQA/AwUBPJInlb9BpdPKTBGtEQJAiwCgq7eomEHxILypu5M0HOr2vSbl3gwAoP7e
Muez2gJ8QkHUw3j1+xGXy+Pl
=ZGNO
-----END PGP SIGNATURE-----
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
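
The off-by-one fixed by the patch quoted in the advisory above, as an added example that is not part of the original message and is not OpenSSH code: it puts the two bounds checks side by side and probes the ids around the table boundary. Everything except the name `channels_alloc` and the two comparisons is an assumption (the `Channel` layout, the fixed-size table, the guard slot that keeps the old check's extra read in bounds for this demo).

```c
/* Added example: boundary test for the two bounds checks in the quoted patch. */
#include <stddef.h>
#include <stdio.h>

#define NCHAN 10                         /* assumed table size for the demo */
typedef struct { int self; } Channel;    /* assumed, minimal channel record */

static Channel slots[NCHAN];
static Channel guard = { -1 };           /* stands in for whatever follows the table */
static Channel *channels[NCHAN + 1];     /* one extra slot so the demo never reads out of bounds */
static int channels_alloc;               /* valid ids are 0 .. channels_alloc - 1 */

static void table_init(void) {
    for (int i = 0; i < NCHAN; i++) {
        slots[i].self = i;
        channels[i] = &slots[i];
    }
    channels[NCHAN] = &guard;
    channels_alloc = NCHAN;
}

/* Comparison from the '-' line (revision 1.170): id == channels_alloc passes. */
static Channel *lookup_old(int id) {
    if (id < 0 || id > channels_alloc) return NULL;
    return channels[id];
}

/* Comparison from the '+' line (revision 1.171). */
static Channel *lookup_new(int id) {
    if (id < 0 || id >= channels_alloc) return NULL;
    return channels[id];
}

/* Count boundary ids a lookup accepts although they lie outside the table. */
static int out_of_range_accepts(Channel *(*lookup)(int)) {
    const int probes[] = { -1, 0, channels_alloc - 1, channels_alloc, channels_alloc + 1 };
    int bad = 0;
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        int id = probes[i];
        if (lookup(id) != NULL && (id < 0 || id >= channels_alloc)) bad++;
    }
    return bad;
}

int main(void) {
    table_init();
    printf("old check: %d out-of-range id(s) accepted\n", out_of_range_accepts(lookup_old));
    printf("new check: %d out-of-range id(s) accepted\n", out_of_range_accepts(lookup_new));
    return 0;
}
```

In a real table without the guard slot, the one id the old check lets through would index the element just past the end of the allocation.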