To quote the FreeBSD draft advisory taken from freebsd-security: III. Impact
A remote attacker can cause OpenSSH to crash. The bug is not believed to be exploitable for code execution on FreeBSD. --- excerpt --- So it depends on your definition of remote hole. This doesn't appear to have potential for anything other than DoS. On 17 Sep 2003 at 6:43, Darren Reed wrote: > In some mail from Edward W. Ray, sie said: > > > > Either your just an ass or an Theo hater or both. > > > > Either way, your comments are without merit. If one looks at the record of > > OpenBSD and OpenSSH it is certainly way better than the other software out > > there. > > Really ? I think you'll find that there are quite a number of people, > aside from myself, who think that the "1 exploit in X years" is on one > end of it as misleading and the other end, a lie, excluding this current > openssh problem. > > But that statement is as much market fodder as much anything else. > > As for the "way better", I'll take your comment as a completely > subjective comment as the way in which you measure software > quality may not be the same as the way I (or others) measure it. > > I could go on and cite examples but I don't think that's necessary. > > Some people, like you, believe openbsd/openssh is the best software > that exists today. Others don't and I'm sure there are examples and > counter examples to prove either side. My only advice is try not to > take criticism of it personally. > > Darren > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
