lsh patch (was Re: [Full-Disclosure] new ssh exploit?)
Bennett Todd
bet at rahul.net
Fri Sep 19 14:31:49 BST 2003
2003-09-19T18:48:24 KF:
> Well I messed with it a bit more and it seems to consistantly crash in the
> following areas...
Sorry for not following up sooner and saving you some effort; the
author has analyzed this one, posted a patch to lsh-bugs, and is
working on new releases that include the patch.
I attach the email that went to lsh-bugs. Short version: simple, one
line patch, _urgently_ needs to be applied by all users of lsh.
-Bennett
-------------- next part --------------
An embedded message was scrubbed...
From: nisse at lysator.liu.se (Niels =?iso-8859-1?q?M=F6ller?=)
Subject: lshd buffer overrun. Possibly remote root compromise.
Date: 18 Sep 2003 22:29:03 +0200
Size: 4215
Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030919/ebd52cf0/attachment.mht
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030919/ebd52cf0/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.