the blog/wiki/website/homepage/internetpräsenz of Stefan Rinner

Wednesday, Jan 9, 2002

The problem was not fixable without breaking the protocol 1.5 semantics and thus a patch was devised that would detect an attack that exploited the vulnerability found. The attack detection is done in the file deattack.c from the SSH1 source distribution.
A vulnerability was found in the attack detection code that could lead to the execution of arbitrary code in SSH servers and clients that incorporated the patch." - http://www.langreiter.com… - hoffentlich bald auch wieder online