Bugtraq mailing list archives
Re: More ssh fun (sshd this time)
From: solar () FALSE COM (Solar Designer)
Date: Wed, 27 Aug 1997 05:48:44 -0300
Hello!
+ if (port > 65535) + packet_disconnect("Requested port is %d is invalid",port);
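Review bot: the condition "port > 65535" has no lower bound, and the message formats port with %d, i.e. as a signed int, so a negative value is not rejected by this line. Check both ends of the range before the value is used, for example "if (port < 0 || port > 65535)", or keep the port in an unsigned type. The disconnect text also reads "is %d is invalid" with a duplicated "is".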
This still doesn't fix the problem since port is defined as a signed int, and negative values will pass your check. Of course, their lower 16 bits may represent a privileged port number.

BTW, it looks like integer overflows and negative number problems are quite common: sshd, Linux setrlimit(), Linux sysctl() -- any more coming soon? ;)

Signed,
Solar Designer
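The signedness issue described in the message above, as an added example that is not part of the original post and is not code from ssh. The function names and the sample values are constructed for illustration, and the narrowing to 16 bits is modelled with a plain cast.

```c
#include <stdint.h>
#include <stdio.h>

/* Same condition as the quoted patch line: only the upper bound is tested.
   Returns 1 if the value would be accepted. (Hypothetical helper name.) */
static int accepted_upper_bound_only(int port)
{
    return !(port > 65535);
}

/* Both ends of the range are tested while the value is still a full int. */
static int accepted_full_range(int port)
{
    return port >= 0 && port <= 65535;
}

/* The value a 16-bit port field ends up holding. Conversion to unsigned is
   defined modulo 2^N in C, so this keeps exactly the lower 16 bits. */
static uint16_t low16(int port)
{
    return (uint16_t)(unsigned int)port;
}

/* Ports below 1024 are the privileged range on Unix systems. */
static int is_privileged(uint16_t port)
{
    return port < 1024;
}

int main(void)
{
    /* Constructed sample inputs: in range, too large, and two negatives. */
    const int samples[] = { 8080, 65536, -1, -65514 };
    const size_t n = sizeof samples / sizeof samples[0];

    for (size_t i = 0; i < n; i++) {
        int p = samples[i];
        uint16_t w = low16(p);
        printf("%7d  upper-only=%d  full-range=%d  low16=%5u  privileged=%d\n",
               p, accepted_upper_bound_only(p), accepted_full_range(p),
               (unsigned)w, is_privileged(w));
    }
    return 0;
}
```
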