Doug O'Halloran wrote:
>
> Actually, John, I beg to differ.
>
> It appears that you are running version 1.2.26 of either SSH.com or
> possibly OpenSSH. Either way, both are vulnerable to this particular
> exploit.
That's an old version, maybe even from the old Lrp 2.9.4 days.
[snip]
> I don't know what the current LEAF version is(no time to play), but if
> there is an interest in my updated package and I knew where to send it,
> I'll gladly do so.
There's recent version available. It's still very much
appreciated when people contribute, though. It takes a lot
of time to keep up with all the updates to every package.
Just post that you've done it with a link to it on this
list, and some devel folks will pick up on that and contact
you. Sign ya up.
> BTW, I tested it with
> $ ssh -v -l `perl -e '{print "A"x88000}'` localhost
> as mentioned in the similar advisory from
> http://www.securiteam.com/securitynews/5LP042K3FY.html
> and it appeared to function properly.
Huh? Perl.lrp? Haven't seen it yet :-)
Fyi, Oxygen sshd.lrp and ssh.lrp are OpenSSH 2.9p1.
Current from openssh.org is OpenSSH 2.9.9p2.
http://leaf.sourceforge.net/pub/oxygen/packages/
Cheers,
Matthew
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
