Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh

2006-10-07 Thread Avleen Vig
On Mon, Oct 02, 2006 at 02:25:05PM -0700, Colin Percival wrote:
> Theo de Raadt wrote:
> >> The OpenSSH project believe that the race condition can lead to a Denial
> >> of Service or potentially remote code execution
> >^
> > Bullshit. Where did any

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh

2006-10-02 Thread Mark Peek
On 10/2/06 12:12 PM, Simon L. Nielsen wrote:
On 2006.10.01 15:10:50 -0700, Mark Peek wrote:
Topic: Multiple vulnerabilities in OpenSSH
BTW, the patches for this advisory appear to also need a patch to add log.c into src/secure/usr.sbin/sshd/Makefile.
Eh, why? log.c is built by libss

Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh

2006-10-02 Thread Colin Percival
Theo de Raadt wrote:
>> The OpenSSH project believe that the race condition can lead to a Denial
>> of Service or potentially remote code execution
>^
> Bullshit. Where did anyone say this?
The OpenSSH 4.4 release announcement says that, actually:

Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh

2006-10-02 Thread Theo de Raadt
> The OpenSSH project believe that the race condition can lead to a Denial
> of Service or potentially remote code execution
^
Bullshit. Where did anyone say this? Why don't you put people in charge who can READ CODE, and SEE THAT THIS IS ABSOLUTE

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh

2006-10-02 Thread Simon L. Nielsen
On 2006.10.01 15:10:50 -0700, Mark Peek wrote:
> >Topic: Multiple vulnerabilities in OpenSSH
>
> BTW, the patches for this advisory appear to also need a patch to add log.c
> into src/secure/usr.sbin/sshd/Makefile.
Eh, why? log.c is built by libssh.
--
Simon L. Nielsen

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh

2006-10-02 Thread Simon L. Nielsen
On 2006.10.01 00:07:02 +0300, Pekka Savola wrote:
> On Sat, 30 Sep 2006, FreeBSD Security Advisories wrote:
> >III. Impact
> >
> >An attacker sending specially crafted packets to sshd(8) can cause a
> >Denial of Service by using 100% of CPU time until a connection timeout
> >occurs. Since this att

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh

2006-10-01 Thread Mark Peek
On 9/30/06 1:24 PM, FreeBSD Security Advisories wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
FreeBSD-SA-06:22.openssh Security Advisory

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh

2006-09-30 Thread Pekka Savola
On Sat, 30 Sep 2006, FreeBSD Security Advisories wrote:
III. Impact
An attacker sending specially crafted packets to sshd(8) can cause a Denial of Service by using 100% of CPU time until a connection timeout occurs. Since this attack can be performed over multiple connections simultaneously, it

FreeBSD Security Advisory FreeBSD-SA-06:22.openssh

2006-09-30 Thread FreeBSD Security Advisories
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
FreeBSD-SA-06:22.openssh Security Advisory
The FreeBSD Project
Topic: M