Opened 17 years ago

Closed 17 years ago

Last modified 16 years ago

#940 closed defect (fixed)

Security: OpenSSH buffer management error (FreeBSD-SA-03:12)

Reported by: danielluke (Daniel J. Luke)
Owned by: charlie@…
Priority: Normal
Milestone:
Component: ports
Version: 1.0
Keywords:
Cc: fkr@…
Port:

Description

OpenSSH versions < 3.7(p1) contain a buffer management error (there are reports of exploit code in the wild, but I have not seen it or any attacks on my systems).

OpenSSH needs to be updated to 3.7p1 and/or a patch like the FreeBSD one available here: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch needs to be applied.

Attachments (1)

openssh.Portfile.patch (610 bytes) - added by charlie@… 17 years ago.
Portfile patch


Change History (9)

comment:1 Changed 17 years ago by danielluke (Daniel J. Luke)

A more complete patch is available from: http://www.openssh.com/txt/buffer.adv

comment:2 Changed 17 years ago by charlie@…

Cc: fkr@… added
Status: new → assigned

thanks for this,

fkr and I have it under control.

patch to follow

Changed 17 years ago by charlie@…

Attachment: openssh.Portfile.patch added

Portfile patch

comment:3 Changed 17 years ago by fkr@…

Resolution: fixed
Status: assigned → closed

committed. -fkr

comment:4 Changed 17 years ago by danielluke (Daniel J. Luke)

Resolution: fixed
Status: closed → reopened

Shouldn't a note be sent out to a darwinports list about this?

comment:5 Changed 17 years ago by danielluke (Daniel J. Luke)

This is me pinging again.

There should probably be an advisory/note sent out to the darwinports list about this.

comment:6 Changed 17 years ago by fkr@…

this is in the pipe. stay tuned. -fkr

comment:7 Changed 17 years ago by charlie@…

oh? How so?

comment:8 Changed 17 years ago by fkr@…

Resolution: fixed
Status: reopened → closed

see DarwinPorts-SA-03:08.openssh
