SSH buffer management problem
Dan Burcaw
yellowdog-general@lists.terrasoftsolutions.com
Tue Sep 16 12:07:01 2003
I've pushed the update to mirrors. YDL.Net Enhanced customers
can grab this immediately. All others will need to wait for the mirrors
to sync.
Regards,
Dan
On Tue, 2003-09-16 at 10:10, Christopher TESSONE wrote:
> Just a heads-up, since most of us are probably running the OpenSSH
> 3.5p1 that shipped with YDL 3.0: OpenSSH has a buffer management error
> which may or may not allow someone to get root on your machine.
> Here's the announcement for OpenSSH 3.7, which fixes the error:
>
> http://www.securityfocus.com/archive/121/337633
>
> Here is a link suggesting it can, in fact, be used to gain root
> access. I haven't confirmed this myself, however:
>
> http://lists.netsys.com/pipermail/full-disclosure/2003-September/010116.html
>
> Cheers,
> Chris