quote from main Ilug list
>> More detail (from FreeBSD-announce, don't know how relevant to Linux):
>> II. Problem Description
>> When a packet is received that is larger than the space remaining the
> allocated buffer, OpenSSH's buffer management attempts to reallocate a
> buffer. During this process, the recorded size of the buffer is
> increased. The
> new size is then range checked. If the range check fails, then
> fatal() is
> called to cleanup and exit. In some cases the cleanup code will
> attempt to zero
> and free the buffer that just had its recorded size (but not actual
> increased. As a result, memory outside of the allocated buffer will
> overwritten with NUL bytes.
>> III. Impact
>> A remote attacker can cause OpenSSH to crash. The bug is not believed
> to be
> exploitable for code execution on FreeBSD.
>> (From FreeBSD-SA-03:12)
So update your OpenSSH server,now!
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!