From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-65481-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 8737 invoked by alias); 24 Jan 2003 12:16:37 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 8728 invoked from network); 24 Jan 2003 12:16:36 -0000
Received: from unknown (HELO cbibipnt08.hc.bt.com) (193.113.57.20)
  by 172.16.49.205 with SMTP; 24 Jan 2003 12:16:36 -0000
Received: by cbibipnt08.hc.bt.com with Internet Mail Service (5.5.2654.89)
	id <DQH69PJT>; Fri, 24 Jan 2003 12:15:04 -0000
Message-ID: <C6B07A19E9C78D47B4613C7A46FE91AE024C6606@i2km04-ukbr.domain1.systemhost.net>
From: jim.a.davidson@bt.com
To: cygwin@cygwin.com
Subject: cygwin1.dll
Date: Fri, 24 Jan 2003 15:20:00 -0000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-SW-Source: 2003-01/txt/msg01416.txt.bz2

Sirs,
We are proposing to use the Red Hat OpenSSH package on our NT/W2K servers
but some concerns
have been raised re. the Cygwin1.dll shared memory vulnerability.
As the only Cygwin application running on these machines will be OpenSSH I
am not sure how
significant a risk may exist.
Can you please explain how this vulnerabilty could be exploited so that we
can determine
what if any counter measures we could deploy.
Thanks.

> Best Regards
> Jim 
> 		_______________________________________________
> 		BTcd  Computing Partners
> 		Intelligent Systems Management               
> 
> 	     _______________________________________________
 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/