[ previous ] [ next ] [ threads ]
 From:  Phil Greenway <m0n0wall at wenck dot com dot au>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  OpenSSH contains a buffer management error
 Date:  Wed, 17 Sep 2003 08:47:37 +1000
Versions of OpenSSH prior to 3.7 contain a vulnerability in the general 
handling of buffers. This vulnerability appears to occur due to some 
buffer management errors. Specifically, this is an issue with freeing 
the appropriate memory size on the heap. In certain case the memory 
cleared is too large and might cause heap corruption.


Affects: All FreeBSD releases after 4.0-RELEASE
FreeBSD 4-STABLE prior to the correction date
openssh port prior to openssh-3.6.1_1
openssh-portable port prior to openssh-portable-3.6.1p2_1

Will you need to update m0n0wall ?


Phil Greenway