[12589] in bugtraq
Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)
daemon@ATHENA.MIT.EDU (Brian Fundakowski Feldman)
Mon Nov 15 01:43:41 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.10.9911141918300.46452-100000@green.myip.org>
Date: Sun, 14 Nov 1999 19:23:52 -0500
Reply-To: Brian Fundakowski Feldman <green@FREEBSD.ORG>
From: Brian Fundakowski Feldman <green@FREEBSD.ORG>
X-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <199911140318.UAA17977@cvs.openbsd.org>

On Sat, 13 Nov 1999, Theo de Raadt wrote:
> The upcoming OpenBSD 2.6 release contains/includes an ssh implementation
> which is derived from an earlier ssh 1 (and thus has no Datafellows
> licensing issues). We are calling this ssh by the name "OpenSSH".
>
> Anyways, in the process of rewriting parts of ssh, the OpenSSH
> developers accidentally fixed this bug. Whoops! :-)

I'd like people to note that, in FreeBSD, you should be using the
"OpenSSH-1.2" package, ports/security/openssh. This is a direct port
of the OpenSSH source from the OpenBSD CVS, and as such is that much
more secure than plain SSH, and OpenSSH should be used instead where
possible.
--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
green@FreeBSD.org `------------------------------'