Bugtraq mailing list archives

Re: More ssh fun (sshd this time)

From: hargrove () SCCM STANFORD EDU (Paul H. Hargrove)
Date: Wed, 27 Aug 1997 16:13:11 -0700


Thamer Al-Herbish writes:
[snip]

This problem is that ssh/sshd uses an int instead of an unsigned short to do
the comparison on. So wrapping doesnt occur till its placed in the struct
sockaddr_in.

[snip]

It looks like (from reading it, not from running it) the patch will
consider negative port numbers to be "privileged" rather than
"invalid", thus yielding the incorrect massage.  This is, of course, a
cosmetic problem rather than a functional one.
--
Paul H. Hargrove                   All material not otherwise attributed
hargrove () sccm stanford edu         is the opinion of the author or a typo.

Current thread:

More ssh fun (sshd this time) Ivo van der Wijk (Aug 19)
- Re: More ssh fun (sshd this time) Olaf Titz (Aug 23)
- Sun Security Bulletin #00152 Aleph One (Aug 25)
- Sun Security Bulletin #00153 Aleph One (Aug 25)
- Active X exploit. Peter Shipley (Aug 25)
- Re: More ssh fun (sshd this time) Wietse Venema (Aug 25)
- <Possible follow-ups>
- Re: More ssh fun (sshd this time) Thamer Al-Herbish (Aug 23)
  - Re: More ssh fun (sshd this time) Solar Designer (Aug 27)
  - Re: More ssh fun (sshd this time) Paul H. Hargrove (Aug 27)
- Re: More ssh fun (sshd this time) Christopher Craig (Aug 27)
  - Integer Overflows Solar Designer (Aug 27)