openssh unix dev - Jan 2009 - Bug CVE-2005-2797

Hi Everyone,

I am using openssh 4.0 in a product, which is affected by
CVE-2005-2797 (If DynamicForward option is activated, GatewayPorts is
also unconditionally enabled). I am trying to backport the fix for
this from 4.2 to 4.0. I have been finding the difference between 4.2
and 4.1 and the only change that looks relevant to this bug, to me is
the changes made in the file readconf.c with the following change

+fwd.listen_host = NULL;
-fwd.listen_host  = "";

Could you please tell me if this was indeed the fix made for this bug?
Or if there is a patch for this, could you please point me that patch?
Thanks in advance.

-karthik

karthikeyan S wrote:
> Hi Everyone,
> 
> I am using openssh 4.0 in a product, which is affected by
> CVE-2005-2797 (If DynamicForward option is activated, GatewayPorts is
> also unconditionally enabled). I am trying to backport the fix for
> this from 4.2 to 4.0. I have been finding the difference between 4.2
> and 4.1 and the only change that looks relevant to this bug, to me is
> the changes made in the file readconf.c with the following change
> 
> +fwd.listen_host = NULL;
> -fwd.listen_host  = "";
> 
> Could you please tell me if this was indeed the fix made for this bug?
> Or if there is a patch for this, could you please point me that patch?
> Thanks in advance.
It was a while back but from the cvs history it looks like it was ssh.c 
rev 1.235 and readconf.c rev 1.118.

http://anoncvs.mindrot.org/index.cgi/openssh/ssh.c?r1=1.234&r2=1.235
http://anoncvs.mindrot.org/index.cgi/openssh/readconf.c?r1=1.117&r2=1.118

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.