OpenSSH heads-up

Vlad Galu Vlad.Galu at rdsnet.ro
Fri Sep 19 03:39:55 PDT 2003


On Tue, 16 Sep 2003 08:43:47 -0500 "Jacques A. Vidrine" <nectar at FreeBSD.org>
wrote:

> OK, an official OpenSSH advisory was released, see here:
> <URL:http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html>
	
	So what this basically does is: not incrementing buffer->alloc, but using a new
integer variable instead, which we compare to 0xa00000. How does this help? I'm
not an expert in off-by-one vulnerabilities. It'd be nice if someone enlightened
me a little bit.

> 
> The fix is currently in FreeBSD -CURRENT and -STABLE.  It will be
> applied to the security branches as well today.  Attached are patches:

	I noticed the patch being committed to the openssh ports. Is it going to be
merged in the source tree as well? I took the liberty of modifying buffer.c
myself, like Jacques' patch did.

> 
>    buffer46.patch -- For FreeBSD 4.6-RELEASE and later
>    buffer45.patch -- For FreeBSD 4.5-RELEASE and earlier
> 
> Currently, I don't believe that this bug is actually exploitable for
> code execution on FreeBSD, but I reserve the right to be wrong :-)
> 
> Cheers,
> -- 
> Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
> nectar at celabo.org . jvidrine at verio.net . nectar at freebsd.org . nectar at kth.se
> 


------
Vlad Galu
Senior IP Engineer
Romania Data Systems NOC in Bucharest
Phone:	+40 21 30 10 850
Web:	http://www.rdsnet.ro
PGP:	http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x53ABCE97
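The ordering asked about in the message above, as an added example that is not part of the original post and is not OpenSSH's code: a simplified model in which a hypothetical `real` field tracks the true heap allocation next to the recorded `alloc`. It assumes the error path runs a cleanup step that trusts `alloc`, and it omits everything else the real function does.

```c
#include <stdio.h>
#include <stdlib.h>

#define BUF_MAX 0xa00000u  /* the limit quoted in the message above */

/* Simplified model, not OpenSSH's struct: 'real' is a hypothetical field that
 * records the true heap allocation so the bookkeeping can be checked. */
struct buf { unsigned char *p; unsigned int alloc, real; };

/* Old ordering: the recorded size is bumped before the limit check. */
static int grow_old(struct buf *b, unsigned int len) {
    b->alloc += len;
    if (b->alloc > BUF_MAX)
        return -1;                 /* rejected, but alloc is already inflated */
    unsigned char *np = realloc(b->p, b->alloc);
    if (np == NULL)
        return -2;
    b->p = np;
    b->real = b->alloc;
    return 0;
}

/* Patched ordering: compute into a temporary, check, reallocate, then commit. */
static int grow_new(struct buf *b, unsigned int len) {
    unsigned int newlen = b->alloc + len;
    if (newlen < b->alloc || newlen > BUF_MAX)
        return -1;                 /* rejected, buffer state untouched */
    unsigned char *np = realloc(b->p, newlen);
    if (np == NULL)
        return -2;
    b->p = np;
    b->alloc = b->real = newlen;
    return 0;
}

/* Bytes that a cleanup step trusting alloc (e.g. zeroing alloc bytes before
 * free) would touch past the real allocation after a rejected request. */
static unsigned int overrun_after_reject(int use_new, unsigned int len) {
    struct buf b = { malloc(4096), 4096, 4096 };
    if (b.p == NULL)
        return 0;
    int rc = use_new ? grow_new(&b, len) : grow_old(&b, len);
    unsigned int over = (rc == -1 && b.alloc > b.real) ? b.alloc - b.real : 0;
    free(b.p);
    return over;
}

int main(void) {
    printf("old ordering: %u bytes past the allocation\n", overrun_after_reject(0, BUF_MAX));
    printf("new ordering: %u bytes past the allocation\n", overrun_after_reject(1, BUF_MAX));
    return 0;
}
```

With the old ordering a rejected request leaves `alloc` describing memory that was never allocated; with the temporary variable the buffer's bookkeeping only changes after the check and the reallocation have both succeeded.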


More information about the freebsd-security mailing list