[NBLUG/talk] openssh exploit?

Daniel Smith linux2002 at daniel.org
Tue Sep 16 11:52:00 PDT 2003


>
>I've shut off forwarding to port 22 on my firewall for now. 
>Apparently, OpenSSH 3.7 fixes this bug (buffer overflow in buffer.c, 
>the exploit is apparently from reverse engineering the fix.)  But I 
>can't find 3.7 on any of the mirrors, and the main site is 
>overwhelmed (unsurprisingly.)
>
>
I don't see it on Debian, probably because I don't have
the unstable source addresses set up.

I found 3.7 via: http://www.openssh.com/portable.html

at: ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/

Sure would be nice to know what the checksum is supposed to
be for openssh-3.7p1.tar.gz - that would impress me more than
the signature file.

Daniel


-- 
Daniel L. Smith - Sonoma County, CA - AIM: SonomaDaniel
daniel.org     blog: JavaJoint.com    resume.daniel.org



More information about the talk mailing list