Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Re: [suse-security] openssh exploit?
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Tue, 16 Sep 2003 15:24:38 +0200 (MEST)
  • Message-id: <Pine.LNX.4.58.0309161523470.7981@xxxxxxxxxxxx>
> Hi,
>
> is there already a statement if the SuSE openssh versions are vulnerable?
> http://lists.netsys.com/pipermail/full-disclosure/2003-September/010103.html
>
> I looked in the patched version for SuSE 7.3 and if I understand the fix at
> http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7
> then the 7.3 version seems to be vulnerable, too.
>

It is unclear if the found bug is exploitable, as of now.

However, we don't guess. Updates are in progress, and expected for later
today, including announcement.


Roman.

< Previous Next >
References