On Tuesday 16 September 2003 22:15, Jan Ciger wrote: > Han Boetes wrote: > | Always fun in the #openbsd channel. Always some people who want to > | make it seems like the end of the world and the next worldwar. > > Ehm, there are reports that it lead to root compromise already, so I > would execute extreme caution about this one. Considering that SSH is > on almost every Unix system, this may be a major issue.
well, after reading the diff http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h i see that some memory that shouldn't be freed is freed, thus probably crashing sshs ( which is annoying, if you do not use ssh_monitor ). But, i do not see how someone can use this to inject a shellcode, but maybe time will prove i am wrong. > | The text is very clear though: > | > | > | All versions of OpenSSH's sshd prior to 3.7 contain a buffer > | management error. It is uncertain whether this error is > | potentially exploitable, however, we prefer to see bugs > | fixed proactively. > > This just means, that they do not know about the exploit yet :-( Not > that your machine cannot be compromised. the same can be say about any server. -- Micha�l Scherer
