Slashdot Mirror


Remote Root Exploit In lsh

skookum writes "After last week's OpenSSH patch-fest, a lot of people suggested GNU lsh as a replacement. Unfortunately, it seems that the lsh team has recently discovered a heap overflow bug of their own that can lead to compromise. An exploit was posted to BugTraq two days ago. Happy patching."

9 of 445 comments

  1. That's it by Anonymous Coward · · Score: 5, Funny

    I am switching to a vendor who takes security seriously. Enough of this patching crap.

  2. That is it I quit by Anonymous Coward · · Score: 5, Funny

    Between MS worms, SSH, and this I am throwing down my keyboard...

    Oh wait is that a new slashdot article?

    I might be able to get first post...

  3. Thank God! by Unominous Coward · · Score: 4, Funny

    I am even more glad than ever that I use telnet!

    --
    "Smoking helps you lose weight - one lung at a time" -- A. E. Neumann
  4. Re:Telnet by cscx · · Score: 3, Funny

    Any admin who checked the lsh mailing list in the morning would have seen the error and the fix, and been well ahead of the exploit.

    Don't you mean "the admin," or is there really more than one person using lsh?

  5. Re:Telnet by quantaman · · Score: 3, Funny

    Good software !== no bugs ever.

    Just like good posts don't require logical operators that actually exist.

    --
    I stole this Sig
  6. Re:Another forum for bashing Microsoft by UserGoogol · · Score: 5, Funny

    And this, my friends, is why software should never be popular. Use OpenBSD!

    Warning. The preceding has been detected by Slashdot to contain sarcasm. OpenBSD is, of course, wonderful. Unlike those commies using FreeBSD.
    --The Management

    --
    "Never attribute to malice that which can be adequately explained by stupidity." -- Hanlon's Razor
  7. Re:Telnet by quantaman · · Score: 3, Funny

    Grrr, stupid PHP!

    --
    I stole this Sig
  8. Re:After 20+ years of buffer overflow exploits... by Chester K · · Score: 4, Funny

    I think it's time we started writing system software (that is, software which provides services but which runs as a process under the OS) in a language which doesn't have these problems. And if a suitable language is unavailable, that argues strongly for creating that language.

    Careful there tiger, you're starting to sound exactly like Microsoft --- that's what they're in the middle of doing with C#; and we certainly don't want to imply that the OSS community needs to play catch-up with Microsoft when it comes to security practices.

    --

    NO CARRIER
  9. Re:I have to laugh by zulux · · Score: 4, Funny

    Cleaner, more readable code is easier to audit.
    Cleaner, more readable code is easier to bugfix.
    Cleaner, more readable code is easier to add features to.
    Cleaner, more readable code is simply Good Stuff.


    I think you need to do a bit of re-factoring there. ;)

    --

    Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.