similar to: remote DoS in sftp via crafted glob expressions (CVE-2010-4755)

Hello all Im using sftp 1:4.7p1-8ubuntu1.2 in a batchjob Ive noticed that sftp needs a long time for sending a filelist. The timespan increases exponential if many files are on the remoteserver. for example "ls -la *.txt" needs 10 seconds for 2000 files but needs 50 seconds for 4000 files. For 150.000 Files i have to wait 15 minutes for example but the

Hi all. I've looked at the archives and it seems to be quiet regarding this supposed "0-day" openssh vulnerability and I'm wondering if anyone here may have some insight or further information regarding it. We've been monitoring things and the amount of speculative info flying around is incredible. Some claim it's the CPNI-957037 issue, thus affecting <5.2, others

I'm curious as to whether or not there is a way to restrict forwarded ports server side. For instance, I'm running an IRC server and am allowing users to connect via ssh forwarding (so I can take advantange of using openssh's public key method for authentication). Each client I tell to setup their ~/.ssh/config in a certain way, but the relevant line is: LocalForward 6667

I was directed to the following site by one of our customers regarding a keyserver built into openssh. There's a patch for 3.4p1 on their site, but the license isn't very clear, nor is it clear if they have approached the openssh team regarding the inclusion of this subsystem into openssh proper. I've been asked to patch Mandrake's openssh with this feature, but I'm

https://bugzilla.mindrot.org/show_bug.cgi?id=2463 Bug ID: 2463 Summary: Conflict with openbsd compat glob() function in shared libraries Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=3069 Bug ID: 3069 Summary: sftp issues with [ or ] in path name Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sftp Assignee: unassigned-bugs at mindrot.org

=================================================================== "Birthdays are nature's way of telling us to eat more cake." Source Unknown ================================================================== Release Announcements ===================== This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.11 include: o Fix access to

=================================================================== "Birthdays are nature's way of telling us to eat more cake." Source Unknown ================================================================== Release Announcements ===================== This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.11 include: o Fix access to

All, I am trying to build openssh-5.6p1 using the SPEC file on RHEL 6 and I am receiving this error: [root@**** SPECS]# rpmbuild -bb openssh.spec error: line 47: Unknown tag: Copyright : BSD Also, I read that the umask functionality in this one has issues. Does it work in the 5.5 source? Any help would be appreciated.

https://bugzilla.mindrot.org/show_bug.cgi?id=2254 Bug ID: 2254 Summary: Better error message for globs that have too many results. Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sftp

https://bugzilla.netfilter.org/show_bug.cgi?id=1049 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX CC| |pablo at netfilter.org Status|NEW

Open-Xchange Security Advisory 2020-02-12 Affected product: Dovecot Core Internal reference: DOV-3743 (JIRA ID) Vulnerability type: Improper Input Validation (CWE-30) Vulnerable version: 2.3.9 Vulnerable component: lmtp, imap Fixed version: 2.3.9.3 Report confidence: Confirmed Solution status: Fixed Researcher credits: Open-Xchange oy Vendor notification: 2020-01-14 CVE reference: CVE-2020-7957

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1870 (Bug ID) Vulnerability type: CWE-789 (Uncontrolled Memory Allocation) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 CVE reference: CVE-2020-12673 CVSS: 7.5

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1869 (Bug ID) Vulnerability type: CWE-126 (Buffer over-read) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 Researcher credit: Orange from DEVCORE team CVE reference:

Open-Xchange Security Advisory 2020-02-12 Affected product: Dovecot Core Internal reference: DOV-3743 (JIRA ID) Vulnerability type: Improper Input Validation (CWE-30) Vulnerable version: 2.3.9 Vulnerable component: lmtp, imap Fixed version: 2.3.9.3 Report confidence: Confirmed Solution status: Fixed Researcher credits: Open-Xchange oy Vendor notification: 2020-01-14 CVE reference: CVE-2020-7957

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1870 (Bug ID) Vulnerability type: CWE-789 (Uncontrolled Memory Allocation) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 CVE reference: CVE-2020-12673 CVSS: 7.5

Open-Xchange Security Advisory 2020-08-12 Affected product: Dovecot IMAP server Internal reference: DOP-1869 (Bug ID) Vulnerability type: CWE-126 (Buffer over-read) Vulnerable version: 2.2 Vulnerable component: auth Fixed version: 2.3.11.3 Report confidence: Confirmed Solution status: Fix available Vendor notification: 2020-05-03 Researcher credit: Orange from DEVCORE team CVE reference:

I''ll just include the letter that I sent to John Carmack and Dave "Zoid" Kirsch concerning this problem. ---------------------------------------------------------------------- From: Greg Alexander <galexand@sietch.bloomington.in.us> Approved: R.E.Wolff@BitWizard.nl To: zoid@threewave.com cc: johnc@idsoftware.com Subject: Security hole in squake. Please respond with this

we have implemented this function for 3.1p1, and have been using it in production sense may 2002. The patch has been ported to 3.7.1p2, we have been using it in 3.7.1p2 for awhile, if anyone is interested, here it is. This is the same patch David Bradford talked about on 2002-06-05 Regards, Greg Hayes diff -u -r openssh-3.7.1p2/sftp-client.c openssh-3.7.1p2_sftp/sftp-client.c ---

https://bugzilla.mindrot.org/show_bug.cgi?id=1634 Summary: [PATCH] openbsd-compat/glob.h conflicts with system glob.h Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: FreeBSD Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: