Bug in OpenSSH

  • Puky  Male
  • Scottish rebel
  • Joined: 18 Apr 2003
  • Posts: 5815
  • Location: in the Dragon's Nest

http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172
http://www.openssh.com/txt/buffer.adv



  • AxeZ 
  • Legendary citizen
  • Joined: 17 Apr 2003
  • Posts: 3989
  • Location: Novi Sad, Vojvodina

http://www.securityfocus.com/archive/1/337662

To: BugTraq
Subject: OpenSSH Buffer Management Bug Advisory
Date: Sep 16 2003 4:27PM
Author: Dave Ahmad <da securityfocus com>
Message-ID: <Pine.LNX.4.58.0309161025260.18337@mail.securityfocus.com>

The following advisory is listed on the OpenSSH security page. It was up
some time ago before disappearing for a while and then reappearing in the
last few minutes.

---

Subject: OpenSSH Security Advisory: buffer.adv

This is the 1st revision of the Advisory.

This document can be found at: http://www.openssh.com/txt/buffer.adv

1. Versions affected:

All versions of OpenSSH's sshd prior to 3.7 contain a buffer
management error. It is uncertain whether this error is
potentially exploitable, however, we prefer to see bugs
fixed proactively.

2. Solution:

Upgrade to OpenSSH 3.7 or apply the following patch.

Appendix:

Index: buffer.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/buffer.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- buffer.c 26 Jun 2002 08:54:18 -0000 1.16
+++ buffer.c 16 Sep 2003 03:03:47 -0000 1.17
@@ -69,6 +69,7 @@
void *
buffer_append_space(Buffer *buffer, u_int len)
{
+ u_int newlen;
void *p;

if (len > 0x100000)
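Review bot: `u_int newlen;` is declared at function scope in buffer_append_space with no comment, and nothing at the declaration says what it is for. A one-line comment that it holds the proposed allocation size until the size check and xrealloc have both passed would make the intent clear to the next reader. It is also worth confirming that buffer->alloc has the same unsigned type, so the later assignment from newlen cannot truncate.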
@@ -98,11 +99,13 @@
goto restart;
}
/* Increase the size of the buffer and retry. */
- buffer->alloc += len + 32768;
- if (buffer->alloc > 0xa00000)
+
+ newlen = buffer->alloc + len + 32768;
+ if (newlen > 0xa00000)
fatal("buffer_append_space: alloc %u not supported",
- buffer->alloc);
- buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+ newlen);
+ buffer->buf = xrealloc(buffer->buf, newlen);
+ buffer->alloc = newlen;
goto restart;
/* NOTREACHED */
}
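Review bot: the comment "Increase the size of the buffer and retry" above `newlen = buffer->alloc + len + 32768;` does not state the invariant this reordering sets up: buffer->alloc is written only after xrealloc has returned, so it no longer describes more memory than buffer->buf holds when the fatal() call on the oversize path runs. Please say that in the comment, so that a later cleanup does not fold the addition back into buffer->alloc as in the removed lines. It would also help to note that the u_int sum cannot wrap, because len is capped at 0x100000 earlier in the function and any alloc value stored by this path has already passed the 0xa00000 check, and to look for the same update-before-check pattern in other code that grows an alloc field.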


David Mirza Ahmad
Symantec

PGP: 0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
--
The battle for the past is for the future.
We must be the winners of the memory war.



  • AxeZ 
  • Legendary citizen
  • Joined: 17 Apr 2003
  • Posts: 3989
  • Location: Novi Sad, Vojvodina

And the best part of all is that a patch already exists... the beauty of open source
