Hi! I just saw this on bugtraq. Does someone have more details about this? Subject: OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow From: Marcell Fodor <m.fodor at mail.datanet.hu> Date: 19 Apr 2002 22:42:51 -0000 (Sat 01:42 EEST) To: bugtraq at securityfocus.com effect: local root vulnerable services: -pass Kerberos IV TGT -pass AFS Token bug details: radix.c GETSTRING macro in radix_to_creds function may cause buffer overflow. affected buffers: creds->service creds->instance creds->realm creds->pinst exploit code here: mantra.freeweb.hu