[NBLUG/talk] openssh exploit?
Daniel Smith
linux2002 at daniel.org
Tue Sep 16 11:52:00 PDT 2003
>
>I've shut off forwarding to port 22 on my firewall for now.
>Apparently, OpenSSH 3.7 fixes this bug (buffer overflow in buffer.c,
>the exploit is apparently from reverse engineering the fix.) But I
>can't find 3.7 on any of the mirrors, and the main site is
>overwhelmed (unsurprisingly.)
>
>
I don't see it on Debian, probably because I don't have
the unstable source addresses set up.
I found 3.7 via: http://www.openssh.com/portable.html
at: ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/
Sure would be nice to know what the checksum is supposed to
be for openssh-3.7p1.tar.gz - that would impress me more than
the signature file.
Daniel
--
Daniel L. Smith - Sonoma County, CA - AIM: SonomaDaniel
daniel.org blog: JavaJoint.com resume.daniel.org