Re: [Full-Disclosure] openssh remote exploit
- To: auto64746@xxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] openssh remote exploit
- From: Darren Reed <avalon@xxxxxxxxxxxxxxxxxxx>
- Date: Tue, 16 Sep 2003 11:47:39 +1000 (Australia/ACT)
In some mail from auto64746@xxxxxxxxxxxx, sie said:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Can you see the 2 bugs in this code? It seems to me that Theo could
> not. I am of the understanding that there are exploits working on this in
> the wild. 3 remote holes in the default install now!
Well, I can see at least one bug, but it's not security related:
If "Buffer->alloc == X" (but offset == end == 0) and "len == X", then
it allocates an extra "X + 32k" bytes rather than filling the existing
buffer exactly. That, however wasteful, may be part of the design; it
is hard to judge from that snippet alone.
Maybe if you can see others you'll highlight them?
Darren
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
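The allocation case Darren describes above, reconstructed as an added example in C. This is not code from the mail or from OpenSSH: the struct, the function names, the strict "end + len < alloc" fit test and the "grow by len + 32k" rule are assumptions drawn from his description, written so the arithmetic he points at can be checked.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the buffer in the mail: 'alloc' bytes of storage,
 * live data in [offset, end). Names are assumptions, not OpenSSH's. */
struct model_buffer {
    unsigned char *buf;
    size_t offset, end, alloc;
};

#define GROW_SLACK 32768u   /* the "32k" from the mail (assumed constant) */

static void model_init(struct model_buffer *b, size_t alloc)
{
    b->buf = calloc(alloc ? alloc : 1, 1);
    if (b->buf == NULL)
        abort();
    b->offset = b->end = 0;
    b->alloc = alloc;
}

static void model_free(struct model_buffer *b)
{
    free(b->buf);
    memset(b, 0, sizeof(*b));
}

/* Reserve 'len' bytes at the end of the buffer and return the resulting
 * alloc. The fit test is assumed strict ("end + len < alloc"), which is
 * what makes the len == alloc case miss even though it would fit. */
static size_t model_append_space(struct model_buffer *b, size_t len)
{
    if (b->offset == b->end)        /* empty buffer: restart from the front */
        b->offset = b->end = 0;

    if (b->end + len < b->alloc) {  /* assumed strict fit test */
        b->end += len;
        return b->alloc;
    }

    /* No fit: grow by len plus slack (assumed growth rule), then append.
     * After growing, end + len < alloc always holds, so no retry loop. */
    size_t new_alloc = b->alloc + len + GROW_SLACK;
    unsigned char *p = realloc(b->buf, new_alloc);
    if (p == NULL)
        abort();
    b->buf = p;
    b->alloc = new_alloc;
    b->end += len;
    return b->alloc;
}

/* Fresh buffer of 'alloc' bytes (offset == end == 0), append 'len' bytes,
 * return the alloc afterwards. */
static size_t alloc_after_append(size_t alloc, size_t len)
{
    struct model_buffer b;
    model_init(&b, alloc);
    size_t after = model_append_space(&b, len);
    model_free(&b);
    return after;
}

/* Darren's case: alloc == X, offset == end == 0, len == X. Returns how
 * many bytes were allocated beyond the X that would have fit exactly. */
static size_t wasted_bytes_for_exact_fit(size_t x)
{
    return alloc_after_append(x, x) - x;
}

int main(void)
{
    size_t x = 4096;
    printf("alloc %zu, append %zu -> alloc %zu (no growth)\n",
           x, x - 1, alloc_after_append(x, x - 1));
    printf("alloc %zu, append %zu -> alloc %zu (extra %zu bytes)\n",
           x, x, alloc_after_append(x, x), wasted_bytes_for_exact_fit(x));
    return 0;
}
```

With X = 4096, appending 4095 bytes fits in place, while appending exactly 4096 grows the buffer to 4096 + 4096 + 32768 bytes: the "X + 32k" of extra allocation the mail describes, which is wasteful but not by itself a memory-safety problem in this model.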