Subject: buffer overrun in ssh's rsaglue.c
To: None <tech-security@netbsd.org>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-security
Date: 11/12/1999 08:34:27
Message-Id: <199911121334.IAA05105@thunk.epilogue.com>
Date: Fri, 12 Nov 1999 08:34:27 -0500

Just got this via another list: if you build ssh to use RSAREF (needed
in the US because of patent reasons), there's a potential buffer
overflow in rsaglue.c due to missing range checks.

See:

  http://www.freebsd.org/cgi/query-pr.cgi?pr=14749
  http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-08&msg=19991109124216.A28812@luna.theo2.physik.uni-stuttgart.de

This looks relatively straightforward to fix.

					- Bill