Full Disclosure mailing list archives
Re: openssh remote exploit
From: Darren Reed <avalon () caligula anu edu au>
Date: Tue, 16 Sep 2003 11:47:39 +1000 (Australia/ACT)
In some mail from auto64746 () hushmail com, sie said:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> you can see the 2 bugs in this code?, seems to of me that theo could not. i am of understanding that there are exploits working on this in the wild.
>
> 3 remote holes in default install now !

Well, I can see at least one bug but it's not security related:

If "Buffer->alloc == X" (but offset == end == 0) and "len == X" then it allocates an extra "X + 32k" bytes rather than filling the existing buffer exactly.

That, however wasteful, may be part of the design as it is hard to judge it alone like that.

Maybe if you can see others you'll highlight them?

Darren

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html