patched ssh/ssl on Fink
Massimo Marino
Massimo_Marino at lbl.gov
Thu Oct 2 23:25:57 PDT 2003
On Friday, October 3, 2003, at 04:00 AM, PowerBook G4 Titanium List
wrote:
> Date: Thu, 2 Oct 2003 18:23:22 +0100
> Subject: Re: [Ti] more 10.2.8 and car analogies
> From: Tarik <tarik at opalblue.com>
> Message-Id: <1FE4A626-F4FD-11D7-AA8F-0003930345B8 at opalblue.com>
>
>
> On Thursday, October 2, 2003, at 03:36 pm, Jesse Brown wrote:
>
>>> I don't give a rats
>>> arse whether or not you enable "remote login". The vulnerability
>>> involves a buffer mismanagement problem whereby an attacker can gain
>>> root access to the machine via the sshd user process.
>>
>> The Buffer Management bug you refer to has not been proven to be
>> exploitable
>
> I also agree with Jesse that the exploit has not yet been publicly
> proven.
>
[snip]
Fink has patched versions of both openSSH and openSSL. They are very
fast at releasing patches. Even faster then Apple itself.
Massimo
More information about the Titanium
mailing list