Gentoo Archives: gentoo-dev

From: Mishael A Sibiryakov <death@×××××.org>
To: Gentoo Dev <gentoo-dev@g.o>
Subject: [gentoo-dev] openssh exploit
Date: Tue, 16 Sep 2003 13:22:42
Message-Id: 1063718560.1709.15.camel@junki.org
Look at this:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can you see the 2 bugs in this code? Seems to me that Theo could
not. I am of the understanding that there are exploits working on this in
the wild. 3 remote holes in default install now!
hahaha

void *
buffer_append_space(Buffer *buffer, u_int len)
{
	void *p;

	if (len > 0x100000)
		fatal("buffer_append_space: len %u not supported", len);

	/* If the buffer is empty, start using it from the beginning. */
	if (buffer->offset == buffer->end) {
		buffer->offset = 0;
		buffer->end = 0;
	}
restart:
	/* If there is enough space to store all data, store it now. */
	if (buffer->end + len < buffer->alloc) {
		p = buffer->buf + buffer->end;
		buffer->end += len;
		return p;
	}
	/*
	 * If the buffer is quite empty, but all data is at the end, move the
	 * data to the beginning and retry.
	 */
	if (buffer->offset > buffer->alloc / 2) {
		memmove(buffer->buf, buffer->buf + buffer->offset,
		    buffer->end - buffer->offset);
		buffer->end -= buffer->offset;
		buffer->offset = 0;
		goto restart;
	}
	/* Increase the size of the buffer and retry. */
	buffer->alloc += len + 32768;
	if (buffer->alloc > 0xa00000)
		fatal("buffer_append_space: alloc %u not supported",
		    buffer->alloc);
	buffer->buf = xrealloc(buffer->buf, buffer->alloc);
	goto restart;
	/* NOTREACHED */
}
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj9mSqAACgkQO4YmZKj9rSu4mQCeMS8jvadKaKO01kAwl3Ykwirr9ZEA
oLOwzsupmVKP+z1R/5OSlu8NHngf
=c0bi
-----END PGP SIGNATURE-----

and

http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h
and

ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/

File:openssh-3.7p1-vs-openbsd.diff.gz 360 KB 16.09.2003 05:00:00
File:openssh-3.7p1.tar.gz 773 KB 16.09.2003 05:00:00
File:openssh-3.7p1.tar.gz.sig 1 KB 16.09.2003 05:00:00

Someone do anything? Like a new ebuild

--
Time : 19:20:17-16:09:2003
NP : 18 Linkin Park - Kyur4 The Ich-chairman Hahn
SysStat : 19:20:17 up 14 days, 11:01, 2 users, load average: 0.44, 0.37, 0.39

--
gentoo-dev@g.o mailing list
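
Added example, not part of the original message or of the OpenSSH source: a simplified C model of the grow step at the end of the posted function, next to a reordered version that validates the new size before committing it, to show how the recorded size can drift from the real allocation when the error path is taken. `Buf`, `real_size`, `grow_posted`, `grow_fixed` and `overrun_at_limit` are hypothetical names, and returning -1 stands in for `fatal()`.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_ALLOC 0xa00000u	/* same cap as the posted code */
/* Simplified stand-in for Buffer; real_size (hypothetical) records what
 * was actually allocated, so a stale alloc value becomes visible. */
typedef struct { unsigned char *buf; unsigned alloc, real_size; } Buf;

/* Ordering as posted: alloc is bumped before the limit check. Returning
 * -1 stands in for fatal(); on that path alloc is already inflated. */
static int grow_posted(Buf *b, unsigned len) {
	b->alloc += len + 32768;
	if (b->alloc > MAX_ALLOC)
		return -1;
	unsigned char *p = realloc(b->buf, b->alloc);
	if (p == NULL)
		return -1;
	b->buf = p;
	b->real_size = b->alloc;
	return 0;
}

/* Reordered: compute the candidate size, check it, reallocate, then commit. */
static int grow_fixed(Buf *b, unsigned len) {
	unsigned newlen = b->alloc + len + 32768;
	if (newlen > MAX_ALLOC)
		return -1;
	unsigned char *p = realloc(b->buf, newlen);
	if (p == NULL)
		return -1;
	b->buf = p;
	b->alloc = b->real_size = newlen;
	return 0;
}

/* Grow in maximum-size steps until the cap rejects a request, then report
 * how many bytes alloc claims beyond the real allocation. */
static unsigned overrun_at_limit(int (*grow)(Buf *, unsigned)) {
	Buf b = { malloc(4096), 4096, 4096 };
	while (grow(&b, 0x100000) == 0)
		;
	unsigned over = b.alloc > b.real_size ? b.alloc - b.real_size : 0;
	free(b.buf);
	return over;
}

int main(void) {
	printf("posted: %u bytes, reordered: %u bytes\n",
	    overrun_at_limit(grow_posted), overrun_at_limit(grow_fixed));
	return 0;
}
```

Any cleanup code that trusts `alloc` after the failed request, such as a wipe of `alloc` bytes before freeing, would run past the real allocation by the reported amount in the posted ordering and by nothing in the reordered one.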

Replies

Subject Author
Re: [gentoo-dev] openssh exploit Mike Frysinger <vapier@g.o>