> > Debian's wheezy release, which identifies as:
> >   OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
> >
> > Debian's jessie release, which identifies as:
> >   OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1k 8 Jan 2015
>
> ok, I can reproduce it in 6.6, but it's fixed in 6.8.

Thanks for checking. I guess a CVE would make tracking useful for
the future, but it is low risk DoS for most people, so I'll not push
it :)

Steve
--
http://www.steve.org.uk/

On Thu, 15 Oct 2015, Steve Kemp wrote:

> > ok, I can reproduce it in 6.6, but it's fixed in 6.8.
>
> Thanks for checking. I guess a CVE would make tracking useful for
> the future, but it is low risk DoS for most people, so I'll not push
> it :)

There's no vulnerability here - it's an unexploitable NULL dereference.
I can't see how it would be a denial of service either, because
attempting to parse the key was always going to yield a fatal() exit
anyway.

-d