Displaying 1 result from an estimated 1 matches for "secadv_20120419".
2012 Apr 19
2
OpenSSL ASN.1 vulnerability: sshd not affected
Hi,
Tavis Ormandy found some bugs in OpenSSL's ASN.1 and buffer code that
can be exploited to cause a heap overflow:
http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html
Fortunately OpenSSH's sshd is not vulnerable - it has avoided the use
of ASN.1 parsing since 2002 when Markus wrote a custom RSA verification
function (openssh_RSA_verify):