Re: OpenSSH: What went wrong?



If anyone cares about this, this entire class of bugs received a
massive patching by Theo in the OpenBSD tree before OpenSSH 3.3 was
patched to fix the exploit. I'm sure eyeballs are still looking at
u_int/int code, but a large number of fixes have already been
committed.

jeff

> I'm pretty certain we'll be seeing the team looking for similar integer
> overflows in the OpenBSD and related projects' code very soon to catch any
> potential issues, just like they did with format string bugs.  If I wasn't
> confident in that I wouldn't continue using the software.  Now let them
> get to work and quit demanding answers from them like they owe you
> something.
> 
> Regards,
> --
> Joseph
> 

-- 
Jeff Bachtel  (root@ISC,TAMU)    http://www.cepheid.org/~jeff
				 [finger jeff@cepheid.org for PGP key]