[ale] SSH Patch
synco gibraldter
synco at xodarap.net
Tue Sep 16 11:08:54 EDT 2003
On 16 Sep 2003 at 10:39, Jonathan Rickman wrote:
> > > I have not tested this yet, but it's safe to assume that we have
> > > moved beyond the rumor stage. Happy patching...
i've been googling [too early?] for the last 15 mins or so for info regarding this
change and i've found nothing... anybody have any more information?
> Patch details are at
> http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff
> ?r1=1.1.1.6&r2=1.1.1.7&f=h
it appears that they're now using an intermediate variable to change the buffer size
and check before adjusting the primary variable.... looks like it may have been
susceptible to an overflow? i can't tell for sure. anyone know if there are active
exploits yet or if this is a precaution? thanks.
-- synco gibraldter
-- atlanta, ga
-- synco at xodarap.net
-- key id: 0xC5117E0A
More information about the Ale
mailing list