MyCity » Linux » Bug u OpenSSH

Bug u OpenSSH

Napisano na dan: 16.9.2003

Bug u OpenSSH
Sledeća strana Pagination

Idi na vrh

Poslao: 16 Sep 2003 20:57
Idi na vrh
offline
  • Puky  Male
  • Scottish rebel
  • Pridružio: 18 Apr 2003
  • Poruke: 5815
  • Gde živiš: u Zmajevom gnjezdu

[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
Poslao: 16 Sep 2003 21:07
Idi na vrh
offline
  • AxeZ 
  • Legendarni građanin
  • Pridružio: 17 Apr 2003
  • Poruke: 3989
  • Gde živiš: Novi Sad, Vojvodina

[Link mogu videti samo ulogovani korisnici]

To: BugTraq
Subject: OpenSSH Buffer Management Bug Advisory
Date: Sep 16 2003 4:27PM
Author: Dave Ahmad <da securityfocus com>
Message-ID: <Pine.LNX.4.58.0309161025260.18337@mail.securityfocus.com>

The following advisory is listed on the OpenSSH security page. It was up
some time ago before disappearing for a while and then reappearing in the
last few minutes.

---

Subject: OpenSSH Security Advisory: buffer.adv

This is the 1st revision of the Advisory.

This document can be found at: [Link mogu videti samo ulogovani korisnici]

1. Versions affected:

All versions of OpenSSH's sshd prior to 3.7 contain a buffer
management error. It is uncertain whether this error is
potentially exploitable, however, we prefer to see bugs
fixed proactively.

2. Solution:

Upgrade to OpenSSH 3.7 or apply the following patch.

Appendix:

Index: buffer.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/buffer.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- buffer.c 26 Jun 2002 08:54:18 -0000 1.16
+++ buffer.c 16 Sep 2003 03:03:47 -0000 1.17
@@ -69,6 +69,7 @@
void *
buffer_append_space(Buffer *buffer, u_int len)
{
+ u_int newlen;
void *p;

if (len > 0x100000)
@@ -98,11 +99,13 @@
goto restart;
}
/* Increase the size of the buffer and retry. */
- buffer->alloc += len + 32768;
- if (buffer->alloc > 0xa00000)
+
+ newlen = buffer->alloc + len + 32768;
+ if (newlen > 0xa00000)
fatal("buffer_append_space: alloc %u not supported",
- buffer->alloc);
- buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+ newlen);
+ buffer->buf = xrealloc(buffer->buf, newlen);
+ buffer->alloc = newlen;
goto restart;
/* NOTREACHED */
}


David Mirza Ahmad
Symantec

PGP: 0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
--
The battle for the past is for the future.
We must be the winners of the memory war.



Poslao: 16 Sep 2003 21:08
Idi na vrh
offline
  • AxeZ 
  • Legendarni građanin
  • Pridružio: 17 Apr 2003
  • Poruke: 3989
  • Gde živiš: Novi Sad, Vojvodina

A sto je najbolje od svega patch vec postoji...lepota open sourca

MyCity » Linux » Bug u OpenSSH

Ko je trenutno na forumu
 

Ukupno su 966 korisnika na forumu :: 171 registrovanih, 16 sakrivenih i 779 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 15694 - dana 01 Feb 2026 12:23

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: -Max-, 10x10.9, aca018, airliners, Aleksandar Šljivar, aleksmajstor, ALEXV, Alojzije, alonso, amaterSRB, ambra, anbeast, arsa, asdfjklc, babaroga, Bane san, BaneM75, Ben Roj, blackjack, bobrothers, Bojan5150, bojank, Bombona, boromir, BORUTUS, BraneS, BWG, carinko, cemix, Chainsaw, cifra, Cirkon, comi, comi991, darionis, Darko8, darkojbn, debeli, Dejan_vw, dekan.m, delboy, Dimitrise93, DJUNTA, djuradj, Dogma21, Dokon Pop, doom83, DovlaODR, Dragacevac, draganl, draganst, dule10savic, Electron, feanor, Gagi193, Gheljda, ghoost, GrammaticalAnalysis, Great White, Halabit, Hamo77, Hemi, HogarStrashni, IpMan, Ivica1102, jalos, Joco Skljoco, Jomini, Još malo pa deda, jugoslav.70, K2, Kakarotsvc, kljift, kokodakalo, kovinacc, Kum Ruzvelt, LostInSpaceandTime, luka35, Magarac001, Makarid, maksi007, Malahit, Mamadu, manda87, Mane88, Manjane, MarkoW, marsi, MaschinenPistole, matrix_1, mauglibn, MDrasko, mercedesamg, Metanoja, Mig 29, mikrimaus, milenko crazy north, Miletić Zoran, MiloradKomadic, Milos1987, Milos82, mirosl, molusan, Motocar, MrNo, N.e.m.a.nj.a., Ne doznajem se u oružje, nefs, nick79, NklJov123, oblivion, opt1, orfanel, Otto Grunf, Pale2025, pein, Pilence, pisac12, Povratak1912, Pv123, RajkoB, raso76, razumihin, rednap, renvoi, royst33, ruma, sales, samocitam, savuni, Shinobi, Simulink11000, Singidunumac, Smiljkovich, ssekir75, Stefan M, stevo svinja, Stoilkovic, Stojan Mrsavi, Str2022, strelac07, synergia, T55, tmanda323, tomigun, tomo2, tooooom, travisrise, tubular, Tumansky, Tunguska55, Velizar Laro, veljko82, Veselimalisa, Vica1958, Vidlič, Vlada76, vladaa012, Voice1, voja64, volimpivuvolimrakiju, Vrač, WELJKO, wizzardone, ZetaMan, Zmajac, zombicar153, zoran77, Zukov, zule2, |_MeD_|