For those that have not read the release notes - you should,
because:
<quote>
OpenSSH Version 9.9-2 for VSI OpenVMS Release Notes and Installation Guide 2.3. Known Problems and Restrictions
...
• Using the SET TERMINAL/WIDTH=value command to resize your PuTTY terminal window
(even as part of your LOGIN.COM) will cause the session to terminate.
</quote>
On 2025-09-08, Arne Vajhøj <arne@vajhoej.dk> wrote:
> For those that have not read the release notes - you should,
> because:
> <quote>
> OpenSSH Version 9.9-2 for VSI OpenVMS Release Notes and Installation Guide
> 2.3. Known Problems and Restrictions
> ...
> • Using the SET TERMINAL/WIDTH=value command to resize your PuTTY terminal window
> (even as part of your LOGIN.COM) will cause the session to terminate.
> </quote>
JFC, how the hell is it considered acceptable to ship something which
has a bug like _that_ in it ? :-( That should be a P1 blocker if discovered
before release and should have resulted in the kit being pulled if
discovered after release.
Next question: _what_ causes the session to terminate and is it
exploitable or (hopefully) just a session crasher ?
Is it a supervisor or executive mode bugcheck or something which just
causes a crash/bugcheck in the OpenSSH code ?
Simon.
On 9/8/25 12:47 PM, Simon Clubley wrote:
> On 2025-09-08, Arne Vajhoj <arne@vajhoej.dk> wrote:
>> For those that have not read the release notes - you should,
>> because:
>> <quote>
>> OpenSSH Version 9.9-2 for VSI OpenVMS Release Notes and Installation Guide
>> 2.3. Known Problems and Restrictions
>> ...
>> • Using the SET TERMINAL/WIDTH=value command to resize your PuTTY terminal window
>> (even as part of your LOGIN.COM) will cause the session to terminate.
>> </quote>
> JFC, how the hell is it considered acceptable to ship something which
> has a bug like _that_ in it ? :-( That should be a P1 blocker if discovered
> before release and should have resulted in the kit being pulled if
> discovered after release.
One of the fixes mentions a CVE related to X11 forwarding, so they may
have felt they had to get it out there sooner rather than later even if
it had known problems.
On 2025-09-08, Craig A. Berry <craigberry@nospam.mac.com> wrote:
> On 9/8/25 12:47 PM, Simon Clubley wrote:
>> On 2025-09-08, Arne Vajhøj <arne@vajhoej.dk> wrote:
>>> For those that have not read the release notes - you should,
>>> because:
>>> <quote>
>>> OpenSSH Version 9.9-2 for VSI OpenVMS Release Notes and Installation Guide
>>> 2.3. Known Problems and Restrictions
>>> ...
>>> • Using the SET TERMINAL/WIDTH=value command to resize your PuTTY terminal window
>>> (even as part of your LOGIN.COM) will cause the session to terminate.
>>> </quote>
>> JFC, how the hell is it considered acceptable to ship something which
>> has a bug like _that_ in it ? :-( That should be a P1 blocker if discovered
>> before release and should have resulted in the kit being pulled if
>> discovered after release.
> One of the fixes mentions a CVE related to X11 forwarding, so they may
> have felt they had to get it out there sooner rather than later even if
> it had known problems.
Maybe. Let's just hope this crash is a benign crash.