+-From: Martin Oberhuber <[EMAIL PROTECTED]> -- |_Date: Thu, 08 Nov 2007 08:58:58 +0100 ____________________ | |Also note, that OpenSSH clients can successfully operate with the |IpSSH Sftp server without bailing out, so they seem to be less |vulnerable to not receiving the SSH_FXP_STATUS packet without |message even for server claiming version 3, than Jsch. (Or could it |be that the OpenSSH claims itself to be version 2? I dont know...)
Fumm,, I have already written... +-From: [EMAIL PROTECTED] (Atsuhiko Yamanaka) -- |_Date: Wed, 7 Nov 2007 12:02:48 +0900 _______ | |Anyway, we should survive for such OutOfMemory DOS attack. |# FYI, it seems OpenSSH's sftp command has not checked messages, OpenSSH's sftp command does not check messages in SSH_FXP_STATUS. It only get the error code and does not check further data. That is the reason. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ JSch-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jsch-users
