[linux-sec-uk] OpenSSH buffer management error

Doug Winter linux-sec-uk at mailman.lug.org.uk
Wed Sep 17 11:06:00 2003


--Izn7cH1Com+I3R9J
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed 17 Sep James Davis wrote:
> No :) all I have is various reports that some systems are exploitable and
> some reports saying that other systems aren't. I'm probably just as
> confused as you are and should have made that clear in my post. I've seen
> a few sketchy reports about incidents where intruders appear to have
> exploited OpenSSH but nothing firm

I suspect this is just your usual "we hate Theo" propaganda - I'd take
those claims with a pinch of salt if they're presented without evidence.

Obviously this doesn't mean you shouldn't patch your boxes :>

doug.

--=20
6973E2CF print 2C95 66AD 1596 37D2 41FC  609F 76C0 A4EC 6973 E2CF
"If you are the type of person who likes assault weapons, there
is a place for you - the United States Army. We have them."
   -- General Wesley Clark, responding to a question on gun control


--Izn7cH1Com+I3R9J
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/aDHZdsCk7Glz4s8RApnVAKCXNZk8wJx3KnAfyHGP3dV5j1AedACdFsoe
SVeA8yijroE2nbWIQzhoRLs=
=kRIc
-----END PGP SIGNATURE-----

--Izn7cH1Com+I3R9J--