Date: Thu, 6 Sep 2007 07:28:45 -0700
From: Andrew Sharp <andy.sharp@onstor.com>
To: "Fred D. McFadden" <fredm@css.glasshouse.com>
Cc: "'dl-cstech'" <dl-cstech@onstor.com>
Subject: Re: what version of OpenSSH are you running on the new 3.0.1.0
 code?
Message-ID: <20070906072845.2dcbec72@ripper.onstor.net>
In-Reply-To: <002c01c7f08d$76003ad0$0300a8c0@lab.css.glasshouse.com>
References: <002c01c7f08d$76003ad0$0300a8c0@lab.css.glasshouse.com>
Organization: Onstor
X-Mailer: Sylpheed-Claws 2.6.0 (GTK+ 2.8.20; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Please remember that these machines are not meant to be run bare-assed
on the internet, but as internal appliances where their environment is
tightly controlled.

That being said, there are many very large, real, security holes in our
product besides this theoretical security hole.  Theoretical because it
has probably never been actually exploited even to crash the ssh
server, and because of the highly inflammatory "...possibly execute
arbitrary code..." which is obviously theoretical on its best day.

Cheers,

a

On Thu, 6 Sep 2007 09:54:35 -0400 "Fred D. McFadden"
<fredm@css.glasshouse.com> wrote:

> Customer asks the below, can anyone answer? Thanks -Fred
> ---------------
> A new comment has been added to case 5806 by Server Manager.
> https://ssl.salesforce.com/500000000015x3tAAA
> 
> ---------------- Comment: ---------------- Michael,
> 
> BTW, what version of OpenSSH are you running on the new 3.0.1.0 code?
> Because OpenSSH 4.4 and earlier contain a signal handler race
> condition in the GSSAPI functionality which can lead to memory being
> free()'d twice. This flaw allows a remote attacker to crash the
> OpenSSH service and possibly execute arbitrary code on the server.
> 
> Thanks,
> 
> Yong
> 
> 
