Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
- From: Colin Percival <cperciva@xxxxxxxxxxx>
- Date: Mon, 02 Oct 2006 14:25:05 -0700
Theo de Raadt wrote:
>> The OpenSSH project believe that the race condition can lead to a Denial
>> of Service or potentially remote code execution
>                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Bull***. Where did anyone say this?
The OpenSSH 4.4 release announcement says that, actually:
 * Fix an unsafe signal handler reported by Mark Dowd. The signal
   handler was vulnerable to a race condition that could be exploited
   to perform a pre-authentication denial of service. On portable
   OpenSSH, this vulnerability could theoretically lead to
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   pre-authentication remote code execution if GSSAPI authentication
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   is enabled, but the likelihood of successful exploitation appears
   remote.
Colin Percival
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security