[12048] in bugtraq
Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]
daemon@ATHENA.MIT.EDU (Alan Cox)
Wed Sep 29 15:15:27 1999
Content-Type: text
Message-Id: <E11W4ci-0001H3-00@the-village.bc.nu>
Date: Tue, 28 Sep 1999 22:17:18 +0100
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To: Valdis.Kletnieks@VT.EDU
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <199909280243.d8S2hKP04246@black-ice.cc.vt.edu> from
"Valdis.Kletnieks@VT.EDU" at Sep 27, 99 10:43:19 pm
> On Mon, 27 Sep 1999 11:35:44 EDT, Dan Astoorian <djast@CS.TORONTO.EDU> said:
> > A trivial demo program that demonstrates the problem is attached. (It
> > needs no special privileges; run it as an unprivileged user in any
> > writable directory.) The program reports "okay" under Solaris 2.5.1 and
> > IRIX 6.5.2, "vulnerable" under RedHat 6.
>
> AIX 4.3.2 with all the recent Fixdist patches also says "okay".
Linux will also do so very soon. There are no standards issues here just
common sense. So Solar's patches for that and mknod are "no brainer" fixes
