#940 closed defect (fixed)
Security: OpenSSH buffer management error (FreeBSD-SA-03:12)
| Reported by: | danielluke (Daniel J. Luke) | Owned by: | charlie@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 1.0 |
| Keywords: | Cc: | fkr@… | |
| Port: |
Description
openssh versions < 3.7(p1) contain a buffer management error (there are reports of exploit code in the wild, but I have not seen it or any attacks on my systems).
The OpenSSH needs to be updated to 3.7p1 and/or a patch like the FreeBSD one available here: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch needs to be applied.
Attachments (1)
Change History (9)
comment:1 Changed 21 years ago by danielluke (Daniel J. Luke)
comment:2 Changed 21 years ago by charlie@…
| Cc: | fkr@… added |
|---|---|
| Status: | new → assigned |
thanks for this,
fkr and I have it under control.
patch to follow
comment:3 Changed 21 years ago by fkr@…
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
committed. -fkr
comment:4 Changed 21 years ago by danielluke (Daniel J. Luke)
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
Shouldn't a note be sent out to a darwinports list about this?
comment:5 Changed 21 years ago by danielluke (Daniel J. Luke)
This is me pinging again.
There should probably be an advisory/note sent out to the darwinports list about this.
comment:8 Changed 21 years ago by fkr@…
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
see DarwinPorts-SA-03:08.openssh
Note: See
TracTickets for help on using
tickets.
A more complete patch is available from: http://www.openssh.com/txt/buffer.adv