New FreeBSD, NetBSD Security Advisories
Dan writes "FreeBSD has formally announced a security advisory entitled "OpenSSH buffer management error" for the now famous OpenSSH advisory (OpenSSH has released a new version 3.7.1 to address this issue). NetBSD has issued a similar advisory and fix for this issue. NetBSD has released two additional security advisories entitled "Kernel memory disclosure via ibcs2" and "Insufficient argument checking in sysctl(2)"."
This isn't a hole on OpenBSD. According to Theo this can only crash SSHD, not give access.
-sirket
If you ever take a look at the patched code for one of these security advisories, you mainly see some special case code stuck in there to patch up the problem.
If you ever take a look at the actual *problem*, you'll find that they are usually just buffer overflows or other unchecked data, in which case 'some special case code' is the only appropriate course of action.
It wasn't so much an exploit but more a denial of service.
:-)
If there is a way for third parties to disable a service running on my computer, yes I would like to be informed of it.
bash$