Hi, is there already a statement if the SuSE openssh versions are vulnerable? http://lists.netsys.com/pipermail/full-disclosure/2003-September/010103.html I looked in the patched version for SuSE 7.3 and if I understand the fix at http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7 then the 7.3 version seems to be vulnerable, too. cu, Frank -- Dipl.-Inform. Frank Steiner Mail: fst@bio.informatik.uni-muenchen.de Lehrstuhl f. Bioinformatik Mail: frank@familiesteiner.de LMU, Theresienstrasse 39 Phone: +49 89 2180-4049, Fax: -4054 80333 Muenchen, Germany http://www.informatik.uni-kiel.de/~fst/
Hi,
is there already a statement if the SuSE openssh versions are vulnerable? http://lists.netsys.com/pipermail/full-disclosure/2003-September/010103.html
I looked in the patched version for SuSE 7.3 and if I understand the fix at http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7 then the 7.3 version seems to be vulnerable, too.
It is unclear if the found bug is exploitable, as of now. However, we don't guess. Updates are in progress, and expected for later today, including announcement. Roman.
participants (2)
-
Frank Steiner
-
Roman Drahtmueller