Bugtraq mailing list archives
Re: More ssh fun (sshd this time)
From: ccraig () CC GATECH EDU (Christopher Craig)
Date: Wed, 27 Aug 1997 11:48:35 -0400
Included From: Solar Designer <solar () FALSE COM>:
+ if (port > 65535) + packet_disconnect("Requested port is %d is invalid",port);This still doesn't fix the problem since port is defined as a signed int, and negative values will pass your check. Of course, their lower 16 bits may represent a privileged port number.
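Review bot: The added `if (port > 65535)` test bounds only the upper end, and the reply quoted with it states that port is a signed int, so negative values get past this check; bounding both ends in the same test, for example `if (port < 1 || port > 65535)`, keeps the range validation from depending on any later check. The message string "Requested port is %d is invalid" also has a stray "is"; "Requested port %d is invalid" reads correctly.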
The lines directly after this in the code are

    if (port < 1024 && !is_root)
      packet_disconnect("Requested forwarding of port %d but user is not root.",

It looks like that should catch negative (as well as privileged) port numbers, so I don't think the patch really has to fix that problem at all.

--
Christopher Craig (ccraig () cc gatech edu)
"You could shoot Microsoft Office off the planet and this country would run better. You would see everyone standing around saying, 'I've got so much time now.' "
Scott McNealy (CEO of Sun)
PGP Key Verification: EE B1 F3 A0 3F BC 3C C7 81 61 F1 91 6E 99 13 65
http://www.cc.gatech.edu/people/home/ccraig
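The two checks discussed in this message, modelled in C as an added example (not code from sshd or from either poster), next to a variant that bounds the port at both ends. The function names, the verdict enum and the sample values are constructed for illustration; check_both_bounds is an assumption about how one could tighten the test, not the project's fix.

```c
#include <stdio.h>

/* Outcome of validating a requested forwarding port (names are hypothetical). */
enum verdict { ACCEPT, REJECT_RANGE, REJECT_PRIV };

/* The checks in the order the thread gives them: the patch's upper
 * bound first, then the existing privileged-port test. */
enum verdict check_as_discussed(int port, int is_root)
{
    if (port > 65535)
        return REJECT_RANGE;
    if (port < 1024 && !is_root)
        return REJECT_PRIV;
    return ACCEPT;
}

/* Assumed stricter variant: reject anything outside 1..65535 before
 * looking at privilege, so the result no longer depends on is_root. */
enum verdict check_both_bounds(int port, int is_root)
{
    if (port < 1 || port > 65535)
        return REJECT_RANGE;
    if (port < 1024 && !is_root)
        return REJECT_PRIV;
    return ACCEPT;
}

/* The part of a signed int that survives in a 16-bit port field. */
unsigned low16(int port)
{
    return (unsigned)port & 0xFFFFu;
}

int main(void)
{
    static const char *name[] = { "accept", "reject: range", "reject: privileged" };
    int samples[] = { 2000, 22, 70000, -65514 };   /* constructed inputs */
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int p = samples[i];
        printf("port=%6d low16=%5u | as discussed: user=%s, root=%s | both bounds: root=%s\n",
               p, low16(p),
               name[check_as_discussed(p, 0)], name[check_as_discussed(p, 1)],
               name[check_both_bounds(p, 1)]);
    }
    return 0;
}
```

For a non-root user the privileged-port test does reject the negative sample, as the message says; the two variants differ only when is_root is set.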