RE: [Full-Disclosure] The lowdown on SSH vulnerability

2003-09-19 Thread Ivan Dimitrov
I'm going to write my "Thank You Theo" to the man. I hope his mailbox fills with another 10,000,000 email like mine to which he does not need to respond. On Tue, 2003-09-16 at 16:16, Andy Wood wrote: > Well maybe he's had to answer 10,000,000 email on it, which if he > doesn't respond he'll

Re: [Full-Disclosure] The lowdown on SSH vulnerability

2003-09-16 Thread Joe Shevland
- Original Message - From: "Daniel Berg" <[EMAIL PROTECTED]> To: "Carl Livitt" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, September 16, 2003 11:22 PM Subject: Re: [Full-Disclosure] The lowdown on SSH vulnerability > Nice conversa

Re: [Full-Disclosure] The lowdown on SSH vulnerability

2003-09-16 Thread Mark Vevers
On Tuesday 16 Sep 2003 2:09 pm, Carl Livitt wrote: > There _is_ a patch: > > http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h From the changelog for the release for today's version of openssh 3.7

Re: [Full-Disclosure] The lowdown on SSH vulnerability

2003-09-16 Thread B.K. DeLong
At 01:09 PM 9/16/2003 +, you wrote: There _is_ a patch: http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h Heh - hopefully people will thank Theo greatly for such a timely release ;) -- B.K. DeLong [EMAIL PROTECTED] +1.617.797.2472 http://ocw.mit

Re: [Full-Disclosure] The lowdown on SSH vulnerability

2003-09-16 Thread Daniel Berg
Nice conversation, makes clear why Theo is loved by so many people. So what we know now is that possibly core devices like Firewalls and Switches and whatnot could be attacked as well. Can anyone confirm this? Any suggestions on how to work around this? Cheers Daniel On Tue, 2003-09-16 at 14:25

Re: [Full-Disclosure] The lowdown on SSH vulnerability

2003-09-16 Thread Robert Jaroszuk
On Tue, 16 Sep 2003, Carl Livitt wrote: ; ; There _is_ a patch: ; ; http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h There is also new openssh released: ftp://ftp1.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.7p1.tar.gz -- . Robert

RE: [Full-Disclosure] The lowdown on SSH vulnerability

2003-09-16 Thread Andy Wood
Well maybe he's had to answer 10,000,000 email on it, which if he doesn't respond he'll get the same press as you're giving up. Maybe he's swamped with other contributions to the computing industry. Seeing that yer so tireless why don't you learn to write patches instead of just squawking

Re: [Full-Disclosure] The lowdown on SSH vulnerability

2003-09-16 Thread Carl Livitt
There _is_ a patch: http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h Carl. On Tuesday 16 September 2003 12:25, Carl Livitt wrote: > Straight from the horse's mouth, this is a snippet of an email conversation > I just had with Theo Deraadt: > >