SSH buffer management problem
Christopher TESSONE
yellowdog-general@lists.terrasoftsolutions.com
Tue Sep 16 10:11:01 2003
Just a heads-up, since most of us are probably running the OpenSSH
3.5p1 that shipped with YDL 3.0: OpenSSH has a buffer management error
which may or may not allow someone to get root on your machine.
Here's the announcement for OpenSSH 3.7, which fixes the error:
http://www.securityfocus.com/archive/121/337633
Here is a link suggesting it can, in fact, be used to gain root
access. I haven't confirmed this myself, however:
http://lists.netsys.com/pipermail/full-disclosure/2003-September/010116.html
Cheers,
Chris
--
Christopher A. Tessone
Knox College, Galesburg, Illinois
BA Student, Russian and Mathematics
http://www.polyglut.net/