New FreeBSD, NetBSD Security Advisories
Dan writes "FreeBSD has formally announced a security advisory entitled 'OpenSSH buffer management error' for the now famous OpenSSH advisory (OpenSSH has released a new version 3.7.1 to address this issue). NetBSD has issued a similar advisory and fix for this issue. NetBSD has released two additional security advisories entitled 'Kernel memory disclosure via ibcs2' and 'Insufficient argument checking in sysctl(2)'."
If you ever take a look at the patched code for one of these security advisories, you mainly see some special case code stuck in there to patch up the problem. You never see a reconsideration of the problem. I wonder how long it takes to go from a release version through patch after patch until a piece of code is just old and crufty and in need of wholesale replacement.
Does this affect OS X's implementation of SSHD? So far Apple has not released a patch.
"...And when they came for me, there was no one left to speak out for me." - Martin Niemoeller (1892-1984)
The difference is that if they could get even a very limited shell, that would turn all the local exploit bugs into potential remote exploit holes. That is clearly an order of magnitude more dangerous than a simple DoS.
So, I think it makes sense to distinguish between the two cases, though I think just talking about 'holes' is silly. Didn't they used to have 'remote root exploit' or similar wording in there? Perhaps the PHBs didn't understand.
_O_
.|< The named which can be named is not the true named