search for: rsaref2

Howdy, The string of notices on BugTraq about RSAref being vulnerable to overflows has me concerned. After trying to sort through all the messages, I can't figure out whether I need to update OpenSSL (a check of their website indicates no new patches), OpenSSH, both, or neither. I am aware there is no known exploit for it yet. I could be a bad boy and just run all

...nothing jumps out as the obvious cause. Other folks seem to have OpenSSH up on Solaris 7 already--so does anyone have any hints as I start trying to RTFM and RTFS? Note: After my first attempt blew up, I also tried (as an alternate method) downloading, compiling, installing, and linking against RSAREF2. That apparently worked okay, but the end result was the same. Any chance that SSH found the correct libraries at compile time, but can't find them at runtime? --Rip

...xt release of openssh. The file pty.c does not #include <stropts.h> to define I_PUSH even though I_PUSH is used when HAVE_DEV_PTMX is defined. Platform: SunOS test01 5.6 Generic_105181-16 sun4u sparc SUNW,Ultra-60 Using: zlib 1.1.3 http://www.cdrom.com/pub/infozip/zlib/zlib-1.1.3.tar.gz rsaref2.0 (plus patch from bugtraq digest 30-Nov-1999) ftp://ftp.funet.fi/pub/unix/security/login/ssh/rsaref2.tar.gz openssl 0.9.4 ftp://ftp.openssl.org/source/openssl-0.9.4.tar.gz egd 0.6 ftp://ftp.lothar.com/linux/egd-0.6.tar.gz openssh 1.2pre16 http://violet.ibs.com.au/openssh/files/openssh-1.2pr...

...ot;$LIBS -R$ssldir/lib" Checking for all the alternate locations is a bit excessive - cutting down on the search path reduces the time it takes those test to complete dramatically, asking the user to provide something like "--with-ssl-dir=/usr/local/ssl" isn't too bad, IMHO. The rsaref2 defetection appeared to work fine. Manuals are still complete hash on my Solaris 7 box. Any pointers on what's causing it and how to fix would be appreciated. Oh, hey - how about adding a configuration file token for setting the connection banner (assuming my request isn't violating any p...

I have just tarred up a snapshot and uploaded it to: http://www.mindrot.org/misc/openssh/openssh-SNAP-20000823.tar.gz The snapshot incorporates the last month's fixes and enhancements from the openssh-unix-dev mailing list and from the OpenBSD developers. In particular: - ssh-agent and ssh-add now handle DSA keys. NB. this does not interop with ssh.com's ssh-agent. (Markus Friedl)