Bugtraq mailing list archives
Re: More ssh fun (sshd this time)
From: wietse () WZV WIN TUE NL (Wietse Venema)
Date: Mon, 25 Aug 1997 18:48:33 -0400
[Reposted. The previous copy disappeared after being forwarded by the listserv -- Wietse]

Ivo van der Wijk:
- This could also be considered a bug in bind(), because it doesn't wrap port numbers > 65536, but still, it makes sshd vulnerable, at least on Linux (2.0.29), Solaris 2.4 and SunOS 4.1.4

Actually, the port number passed to bind() is a 16-bit quantity (the sin_port member of a struct sockaddr_in). The fix would be to compare ntohs(foo.sin_port) with IPPORT_RESERVED. By sheer dumb luck, this is exactly what I did in my hacked FTP daemon.

Wietse
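The check described in the message above, as an added example that is not part of the original post and is not sshd or FTP daemon code: it contrasts testing the caller-supplied integer with testing the 16-bit sin_port value that bind() receives. The function names (naive_allows, checked_allows, fill_addr, effective_port) and the sample port values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Weak check: looks at the wide integer before it is narrowed to 16 bits. */
static int naive_allows(long requested_port)
{
    return requested_port >= IPPORT_RESERVED;
}

/* Check from the message: test the value actually stored in sin_port. */
static int checked_allows(const struct sockaddr_in *sa)
{
    return ntohs(sa->sin_port) >= IPPORT_RESERVED;
}

/* Fill the address as a daemon would before bind(); sin_port holds only
 * 16 bits, so anything above 65535 loses its high bits here. */
static void fill_addr(struct sockaddr_in *sa, long requested_port)
{
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa->sin_port = htons((unsigned short)requested_port);
}

/* Port number that bind() would see for a given request. */
static unsigned effective_port(long requested_port)
{
    struct sockaddr_in sa;
    fill_addr(&sa, requested_port);
    return ntohs(sa.sin_port);
}

int main(void)
{
    /* Constructed sample requests, including values above 65535. */
    long samples[] = {22, 8080, 65535, 65536 + 22, 65536 + 1023, 65536 + 1024};
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct sockaddr_in sa;
        fill_addr(&sa, samples[i]);
        printf("requested %6ld -> sin_port %5u  naive=%s  checked=%s\n",
               samples[i], effective_port(samples[i]),
               naive_allows(samples[i]) ? "allow" : "deny",
               checked_allows(&sa) ? "allow" : "deny");
    }
    return 0;
}
```

Only the two checks disagree on requests whose low 16 bits fall below IPPORT_RESERVED; for those the naive test allows a port that the sin_port test denies.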