From: Alexandre Sato (alexandre.sato@BR.ABNAMRO.COM)
Date: Thu Sep 18 2003 - 14:07:22 EDT
As long as SSH is NOT AN OFFICIAL PRODUCT from IBM, it does not have any
support, unless from the Open SSH project page. The link you've sent has
the apropriated solution for this vulnerability issue:
Subject: OpenSSH Security Advisory: buffer.adv
This is the 2nd revision of the Advisory.
This document can be found at: http://www.openssh.com/txt/buffer.adv
1. Versions affected:
All versions of OpenSSH's sshd prior to 3.7.1 contain buffer
management errors. It is uncertain whether these errors are
potentially exploitable, however, we prefer to see bugs
fixed proactively.
Other implementations sharing common origin may also have
these issues.
2. Solution:
Upgrade to OpenSSH 3.7.1 or apply the following patch.
So, if you're running a version older than 3.7.1, just make an upgrade for
this version. It's a matter of spending some extra minutes reading the
advise.
Ranbir Singh <Singh@XAVIER.EDU>
Sent by: IBM AIX Discussion List <aix-l@Princeton.EDU>
09/18/03 02:47 PM
Please respond to IBM AIX Discussion List
To: aix-l@Princeton.EDU
cc:
Subject: SSH Vulnerability Fix for AIX?
Does anyone know if IBM (or related) has released an AIX fix for the
new security vulnerability for SSH?
Here is the description of the issue:
http://www.openssh.com/txt/buffer.adv
Thanks,
RS
--------------------------------
"Colorless green ideas sleep furiously."
--------------------------------
Ranbir Singh
Information Systems and Services
O: 513.745.3889
E: singh@xavier.edu
Xavier University
3800 Victory Parkway
Cincinnati, Ohio 45207-7411
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:12 EDT