Slashdot Mirror


Remote Root Exploit In lsh

skookum writes "After last week's OpenSSH patch-fest, a lot of people suggested GNU lsh as a replacement. Unfortunately, it seems that the lsh team has recently discovered a heap overflow bug of their own that can lead to compromise. An exploit was posted to BugTraq two days ago. Happy patching."

13 of 445 comments

  1. That's it by Anonymous Coward · · Score: 5, Funny

    I am switching to a vendor, who takes security seriously. Enough of this patching crap.

    1. Re:That's it by dimss · · Score: 1, Funny

      The only vendor who prepackages its OSes with lots of useful stuff -- Media Player, Internet Explorer, Worms, Viruses...

  2. That is it I quit by Anonymous Coward · · Score: 5, Funny

    Between MS worms, SSH, and this I am throwing down my keyboard...

    Oh wait is that a new slashdot article?

    I might be able to get first post...

    1. Re:That is it I quit by nacturation · · Score: 2, Funny

      Between MS worms, SSH, and this I am throwing down my keyboard...

      Oh wait is that a new slashdot article?

      I might be able to get first post...


      Well, I guess you'll have to settle for frosty piss instead.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  3. Thank God! by Unominous Coward · · Score: 4, Funny

    I am even more glad than ever that I use telnet!

    --
    "Smoking helps you lose weight - one lung at a time" -- A. E. Neumann
  4. oh, right by SweetAndSourJesus · · Score: 2, Funny

    The five people on the planet using lsh really slowed down those who sought to exploit the ssh vulnerability.

    --
    the strongest word is still the word "free"
  5. Re:Telnet by cscx · · Score: 3, Funny

    Any admin who checked the lsh mailing list in the morning would have seen the error and the fix, and been well ahead of the exploit.

    Don't you mean "the admin," or is there really more than one person using lsh?

  6. Re:Telnet by quantaman · · Score: 3, Funny

    Good software !== no bugs ever.

    Just like good posts don't require logical operators that actually exist.

    --
    I stole this Sig
  7. lsh? by Sexy Commando · · Score: 2, Funny

    Hey, for gentoo users, if a piece of software is not in portage tree, it never exists.

    At least that's how I feel.

  8. Re:Another forum for bashing Microsoft by UserGoogol · · Score: 5, Funny

    And this, my friends, is why software should never be popular. Use OpenBSD!

    Warning. The preceding has been detected by Slashdot to contain sarcasm. OpenBSD is, of course, wonderful. Unlike those commies using FreeBSD.
    --The Management

    --
    "Never attribute to malice that which can be adequately explained by stupidity." -- Hanlon's Razor
  9. Re:Telnet by quantaman · · Score: 3, Funny

    Grrr, stupid PHP!

    --
    I stole this Sig
  10. Re:After 20+ years of buffer overflow exploits... by Chester K · · Score: 4, Funny

    I think it's time we started writing system software (that is, software which provides services but which runs as a process under the OS) in a language which doesn't have these problems. And if a suitable language is unavailable, that argues strongly for creating that language.

    Careful there tiger, you're starting to sound exactly like Microsoft --- that's what they're in the middle of doing with C#; and we certainly don't want to imply that the OSS community needs to play catch-up with Microsoft when it comes to security practices.

    --

    NO CARRIER
  11. Re:I have to laugh by zulux · · Score: 4, Funny

    Cleaner, more readable code is easier to audit.
    Cleaner, more readable code is easier to bugfix.
    Cleaner, more readable code is easier to add features to.
    Cleaner, more readable code is simply Good Stuff.


    I think you need to do a bit of re-factoring there. ;)

    --

    Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.