On Tue, Sep 16, 2003 at 11:26:52AM -0400, Michael Stone wrote: > On Tue, Sep 16, 2003 at 04:00:30PM +0100, Thomas Horsten wrote: > >Is there an emergency patch/workaround for this, if disabling ssh is not > >an option? > > No. >
Actually, there is a patch for buffer.c: http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h I've applied that patch to woody's ssh source, rebuilt it, and installed it on a number of servers already. Hopefully that's the patch for this particular exploit. Not having seen the source code for the exploit, I have no idea what is being exploited. Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
