MyCity » Linux » Bug u OpenSSH

Bug u OpenSSH

Napisano na dan: 16.9.2003

Bug u OpenSSH
Sledeća strana Pagination

Idi na vrh

Poslao: 16 Sep 2003 20:57
Idi na vrh
offline
  • Puky  Male
  • Scottish rebel
  • Pridružio: 18 Apr 2003
  • Poruke: 5815
  • Gde živiš: u Zmajevom gnjezdu

http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172
http://www.openssh.com/txt/buffer.adv



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
Poslao: 16 Sep 2003 21:07
Idi na vrh
offline
  • AxeZ 
  • Legendarni građanin
  • Pridružio: 17 Apr 2003
  • Poruke: 3989
  • Gde živiš: Novi Sad, Vojvodina

http://www.securityfocus.com/archive/1/337662

To: BugTraq
Subject: OpenSSH Buffer Management Bug Advisory
Date: Sep 16 2003 4:27PM
Author: Dave Ahmad <da securityfocus com>
Message-ID: <Pine.LNX.4.58.0309161025260.18337@mail.securityfocus.com>

The following advisory is listed on the OpenSSH security page. It was up
some time ago before disappearing for a while and then reappearing in the
last few minutes.

---

Subject: OpenSSH Security Advisory: buffer.adv

This is the 1st revision of the Advisory.

This document can be found at: http://www.openssh.com/txt/buffer.adv

1. Versions affected:

All versions of OpenSSH's sshd prior to 3.7 contain a buffer
management error. It is uncertain whether this error is
potentially exploitable, however, we prefer to see bugs
fixed proactively.

2. Solution:

Upgrade to OpenSSH 3.7 or apply the following patch.

Appendix:

Index: buffer.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/buffer.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- buffer.c 26 Jun 2002 08:54:18 -0000 1.16
+++ buffer.c 16 Sep 2003 03:03:47 -0000 1.17
@@ -69,6 +69,7 @@
void *
buffer_append_space(Buffer *buffer, u_int len)
{
+ u_int newlen;
void *p;

if (len > 0x100000)
@@ -98,11 +99,13 @@
goto restart;
}
/* Increase the size of the buffer and retry. */
- buffer->alloc += len + 32768;
- if (buffer->alloc > 0xa00000)
+
+ newlen = buffer->alloc + len + 32768;
+ if (newlen > 0xa00000)
fatal("buffer_append_space: alloc %u not supported",
- buffer->alloc);
- buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+ newlen);
+ buffer->buf = xrealloc(buffer->buf, newlen);
+ buffer->alloc = newlen;
goto restart;
/* NOTREACHED */
}


David Mirza Ahmad
Symantec

PGP: 0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
--
The battle for the past is for the future.
We must be the winners of the memory war.



Poslao: 16 Sep 2003 21:08
Idi na vrh
offline
  • AxeZ 
  • Legendarni građanin
  • Pridružio: 17 Apr 2003
  • Poruke: 3989
  • Gde živiš: Novi Sad, Vojvodina

A sto je najbolje od svega patch vec postoji...lepota open sourca

MyCity » Linux » Bug u OpenSSH

Ko je trenutno na forumu
 

Ukupno su 1124 korisnika na forumu :: 52 registrovanih, 4 sakrivenih i 1068 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: AC-DC, babaroga, bojank, bojcistv, Boris Bosiljčić, BRATORIII, ccoogg123, debeli, djboj, Duh sa sekirom, elenemste, flash12, Georgius, gmlale, goxin, havoc995, HrcAk47, hyla, Ilija Cvorovic, JOntra, Karla, Koridor, Krvava Devetka, ksyyaj, kunktator, laki_bb, Lubica, MaksicZoran, Marko Marković, MB120mm, Mi lao shu, mile09, mile23, milenko crazy north, mkukoleca, nuke92, ozzy, panonski mornar, RJ, robert1979, ruger357, sasa76, sasakrajina, solic, suton, Tas011, Vlada1389, vukdra, wolverined4, zzapNDjuric99, zziko, šumar bk2