Just in case no one from this list saw this. Sorry if it is a repeat.

----- Forwarded message from Frank <[EMAIL PROTECTED]> -----

Approved-By: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
X-Mailer: Security Focus
Date: Tue, 9 Nov 1999 01:48:53 -0000
Reply-To: Frank <[EMAIL PROTECTED]>
From: Frank <[EMAIL PROTECTED]>
Subject: ssh-1.2.27 remote buffer overflow - exploitable
X-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

This is submitted to the FreeBSD bug tracking system, although there
are doubtless other vendors who leave this package, despite the
existence of the ssh-2.X. While Debian appears to be immune, I was
able to crash my ssh daemon (much to my dismay), and there appears to
be the potential to execute arbitrary code, as long as you encrypt it
first...

Here is the FreeBSD report.. it describes the method to crash a remote
ssh daemon (let's hope you ran sshd from your xinetd, etc).

http://www.freebsd.org/cgi/query-pr.cgi?pr=14749

----- End forwarded message -----

-- 
Dale Harris <[EMAIL PROTECTED]>
GPG key: 372FBD57
http://www.maybe.org/
M.A.Y.B.E. = Maybe is an Altruistic Yet Bohemian Enigma
