OpenSSH heads-up
Vlad Galu
Vlad.Galu at rdsnet.ro
Fri Sep 19 03:39:55 PDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 16 Sep 2003 08:43:47 -0500 "Jacques A. Vidrine" <nectar at FreeBSD.org>
wrote:
> OK, an official OpenSSH advisory was released, see here:
> <URL:
> http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html
> >
So what this basically does is: not incrementing buffer->alloc, but using a new
integer variable instead, which we compare to 0xa00000. How does this help ? I'm
not an expert in off-by-one vulnerabilities. It'd be nice if someone enlightened
me a little bit.
>
> The fix is currently in FreeBSD -CURRENT and -STABLE. It will be
> applied to the security branches as well today. Attached are patches:
I noticed the patch being commited to the openssh ports. Is it going to be
merged in the source tree as well ? I took the liberty of modifying buffer.c
myself, like Jacques' patch did.
>
> buffer46.patch -- For FreeBSD 4.6-RELEASE and later
> buffer45.patch -- For FreeBSD 4.5-RELEASE and earlier
>
> Currently, I don't believe that this bug is actually exploitable for
> code execution on FreeBSD, but I reserve the right to be wrong :-)
>
> Cheers,
> --
> Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
> nectar at celabo.org . jvidrine at verio.net . nectar at freebsd.org . nectar at kth.se
>
- ------
Vlad Galu
Senior IP Engineer
Romania Data Systems NOC in Bucharest
Phone: +40 21 30 10 850
Web: http://www.rdsnet.ro
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x53ABCE97
- -----------------------------------------------------------------------
Privileged/Confidential Information may be contained in this message.
If you are not the addressee indicated in this message (or responsible
for delivery of the message to such a person), you may not copy or
deliver this message to anyone. In such a case, you should destroy this
message and kindly notify the sender by reply e-mail.
- -----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQE/Zx/TP5WtpVOrzpcRAkZKAJ4i0nMg+SjVPSo7Kzw2qzHpYk/IhQCdHnmA
7MT6DO9f+vmEpTwWoz3A76w=
=zwK5
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list