Bugtraq mailing list archives
Re: Sun libnsl lameness
From: mattc () repsec com (Matt Conover)
Date: Fri, 3 Jul 1998 10:38:51 -0700
On Fri, 3 Jul 1998, Andy Polyakov wrote:
> First of all it looks like information provided in RSI bulletin is not accurate. 'getkeys_nis' looks quite innocent to me
Yes and No. You're right that it looks quite innocent. And in reality, I doubt it will be exploited. However, the potential is there. If it is, for example, cached information (assuming you can), the possibility exists. I doubt there is much need for concern. But the advisory listed all potential(ly) vulnerable function(s), and that is why this was included.
> Should I think of a patch, people? The only thing one can do is to fetch key-pair before calling 'getsecretkey' and make sure it's not longer than 1K or something:-)
The vulnerabilities have nothing to do with sshd. In most cases, I don't think the programs that are calling the vulnerable functions are at fault for assuming the library functions are safe. All that can really be done for now is bounds checking where it applies, as you had mentioned. If you feel obligated to prevent overflows at the library level.. feel free to. Just for your information, two of the vulnerable key functions in libnsl, getsecretkey and getpublickey, are also vulnerable in libc. But still, it's the libraries that need to be fixed, not ssh or sshd.
Matt
*****************************************************************************
Matt Conover <matt () repsec com> RSI R&D Team
-----------------------------------------------------------------------------
RepSec, Inc. (RSI) [http://www.repsec.com]
w00w00 Security Development (WSD) [http://www.w00w00.org]
*****************************************************************************