Subject: SSH vulnerability
To: None <netbsd-help@netbsd.org>
From: Claude Marinier <claude.marinier@dreo.dnd.ca>
List: netbsd-help
Date: 02/14/2001 09:26:58

Hi,

Does this apply to us?

> From Security_UPDATE@list.win2000mag.net Wed Feb 14 09:25:24 2001
> Date: Tue, 13 Feb 2001 15:36:20 -0600
> From: Security UPDATE <Security_UPDATE@list.win2000mag.net>
> Subject: SECURITY ALERT, February 13,
>      2001: PCAnywhere DoS; SSH Buffer Overflow; NT 4.0 Privilege Escalation
>
> =====================================================================
> Security Alert, February 13, 2001
>
>    BindView RAZOR reported that implementations of Secure Shell (SSH)
> that include CORE SDI's deattack.c code are vulnerable to an integer
> overflow attack that can let arbitrary commands execute on the host
> server. SSH vendors are aware of the matter, and many have already
> released patches to correct the matter.

-- 
Claude Marinier, Information Technology Group    claude.marinier@dreo.dnd.ca
Defence Research Establishment Ottawa (DREO)    (613) 998-4901  FAX 998-2675
3701 Carling Avenue, Ottawa, Ontario  K1A 0Z4         http://www.dreo.dnd.ca