Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
- From: Avleen Vig <lists-freebsd@xxxxxxxxxxxxxxxx>
- Date: Sat, 7 Oct 2006 12:12:16 -0700
On Mon, Oct 02, 2006 at 02:25:05PM -0700, Colin Percival wrote:
Theo de Raadt wrote:
The OpenSSH project believe that the race condition can lead to a Denial^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
of Service or potentially remote code execution
Bull***. Where did anyone say this?
The OpenSSH 4.4 release announcement says that, actually:
* Fix an unsafe signal hander reported by Mark Dowd. The signal
handler was vulnerable to a race condition that could be exploited
to perform a pre-authentication denial of service. On portable
OpenSSH, this vulnerability could theoretically lead to
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pre-authentication remote code execution if GSSAPI authentication
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
is enabled, but the likelihood of successful exploitation appears
remote.
Theo: Maybe you should put people in charge who can read their own
release announcements before flaming a mailing list.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- References:
- Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
- From: Theo de Raadt
- Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
- From: Colin Percival
- Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
- Prev by Date: Re: FreeBSD-SA-06:23.openssl and compatx
- Next by Date: Re: cvs commit: ports/multimedia/win32-codecs Makefile distinfo pkg-plist
- Previous by thread: Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
- Next by thread: FreeBSD-SA-06:23.openssl and compatx
- Index(es):
