[24699] in bugtraq
Re: ZLib double free bug: Windows NT potentially unaffected
daemon@ATHENA.MIT.EDU (Dragos Ruiu)
Fri Mar 15 00:56:32 2002
Date: Thu, 14 Mar 2002 20:20:31 +0000
From: Dragos Ruiu <dr@kyx.net>
To: Dragos Ruiu <dr@kyx.net>
Cc: noog@libero.it, bugtraq@securityfocus.com, niels@openbsd.org
Message-Id: <20020314202031.32f58bd5.dr@kyx.net>
In-Reply-To: <20020314180506.2f34b7c4.dr@kyx.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
On Thu, 14 Mar 2002 18:05:06 +0000
Dragos Ruiu <dr@kyx.net> wrote:
> P.P.s. in other gossip, discussion of this vulnerability in such rapid succession
> with the recent off by one has led Niels Provos to have some wonderful ideas,
> and he's coming up with a priviledge separated version of sshd that does not
> need to be root when handling network input. Details on his homepage. His patch
> is not quite working yet, but he says it will migrate into the portable version
> of openssh when tested and debugged. Wheee. Provos++
>
> (Plug: come talk to him about it in Vancouver in May at cansecwest. :-)
Ok, Niels is a fast developer.
The tarball at http://www.citi.umich.edu/u/provos/ssh/privsep.html
(not the patch) is the appropriate item to download.
It still messes up on me for one strange client of mine and it still doesn't
like putty but it looks like some other ssh's n stupf work now. Who
knows, by the time you read this Niels may have fixed it all up.
cheers,
--dr
--
--dr pgpkey: http://dragos.com/dr-dursec.asc
CanSecWest/core02 - May 1-3 2002 - Vancouver B.C. - http://cansecwest.com
