---

CERT.org: CERT® Advisory CA-99-15 Buffer Overflows in SSH Daemon and RSAREF2 Library

“Some versions of sshd are vulnerable to a buffer overflow that
can allow an intruder to influence certain variables internal to
the program. This vulnerability alone does not allow an intruder to
execute code.”

“However, a vulnerability in RSAREF2, which was discovered
and researched by Core SDI, can be used in conjunction with the
vulnerability in sshd to allow a remote intruder to execute
arbitrary code….”

“Also, only versions of SSH compiled with RSAREF support, via
the --with-rsaref option, are vulnerable to these issues.”

Complete Security Advisory
