Bug u OpenSSH

Napisano na dan: 16.9.2003

Bug u OpenSSH

Odgovori

Puky Poslao: 16 Sep 2003 20:57 Idi na vrh
offline Puky Scottish rebel Pridružio: 18 Apr 2003 Poruke: 5815 Gde živiš: u Zmajevom gnjezdu	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici]

Profil
Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.

AxeZ Poslao: 16 Sep 2003 21:07 Idi na vrh
offline AxeZ Legendarni građanin Pridružio: 17 Apr 2003 Poruke: 3989 Gde živiš: Novi Sad, Vojvodina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! [Link mogu videti samo ulogovani korisnici] To: BugTraq Subject: OpenSSH Buffer Management Bug Advisory Date: Sep 16 2003 4:27PM Author: Dave Ahmad <da securityfocus com> Message-ID: <Pine.LNX.4.58.0309161025260.18337@mail.securityfocus.com> The following advisory is listed on the OpenSSH security page. It was up some time ago before disappearing for a while and then reappearing in the last few minutes. --- Subject: OpenSSH Security Advisory: buffer.adv This is the 1st revision of the Advisory. This document can be found at: [Link mogu videti samo ulogovani korisnici] 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH 3.7 or apply the following patch. Appendix: Index: buffer.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/buffer.c,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- buffer.c 26 Jun 2002 08:54:18 -0000 1.16 +++ buffer.c 16 Sep 2003 03:03:47 -0000 1.17 @@ -69,6 +69,7 @@ void * buffer_append_space(Buffer buffer, u_int len) { + u_int newlen; void p; if (len > 0x100000) @@ -98,11 +99,13 @@ goto restart; } /* Increase the size of the buffer and retry. / - buffer->alloc += len + 32768; - if (buffer->alloc > 0xa00000) + + newlen = buffer->alloc + len + 32768; + if (newlen > 0xa00000) fatal("buffer_append_space: alloc %u not supported", - buffer->alloc); - buffer->buf = xrealloc(buffer->buf, buffer->alloc); + newlen); + buffer->buf = xrealloc(buffer->buf, newlen); + buffer->alloc = newlen; goto restart; / NOTREACHED */ } David Mirza Ahmad Symantec PGP: 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- The battle for the past is for the future. We must be the winners of the memory war.

Profil

AxeZ Poslao: 16 Sep 2003 21:08 Idi na vrh
offline AxeZ Legendarni građanin Pridružio: 17 Apr 2003 Poruke: 3989 Gde živiš: Novi Sad, Vojvodina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! A sto je najbolje od svega patch vec postoji...lepota open sourca

Profil

Ko je trenutno na forumu
	Ukupno su 1230 korisnika na forumu :: 98 registrovanih, 8 sakrivenih i 1124 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07 Korisnici koji su trenutno na forumu: Korisnici trenutno na forumu: -[CoA]-, 357magnum, 6.5lapua, Aleksej, Apok, Asparagus, Ba4e, bbrasnjo3, blackjack, bokisha253, Bubimir, Cian, Dannyboy, darcaud, Dejan_vw, dejno, Demi87, Dimitrise93, Django777, djile1, doktor097, Dolinc, doom83, Feller, FOX, gaga23, GeoM, gobrad, gregorxix, Holy Saber, iceburn, ivan1973, Jaz, jon istvan, K-1A, kalens021, Kanader, kendzo-andzo-boni-fju, Koridor 11, krca73, Kriglord, Kubovac, kybonacci, lord sir giga, LostInSpaceandTime, Major91, majstro, Marko Marković, marko308, markoni.slo, mercedesamg, miki kv, mikrimaus, Milometer, Milos ZA, milos.cbr, Milos1389, milos97, mist-mist, mkukoleca, momcilob55, Mrav Obrad, N.e.m.a.nj.a., Natuzzi, neko iz mase, Nele79, nemkea71, oblivion, operniki, OtacMakarije, panzermilan45, Peruta, Petarvu, ping15, Povratak1912, Prašinar, PrincipL, sabros, sajorg, Sami_1ali, sekretar, sixpac, stalja, Strasni JA, synergia, tamno.nebo, TRZH92, tuja, Van, vathra, Velizar Laro, Vlad000, W123, wolf431, Zimbabwe, zlatkoa987, Zorge, Zrcalo

Ko je trenutno na forumu

Ukupno su 1230 korisnika na forumu :: 98 registrovanih, 8 sakrivenih i 1124 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: -[CoA]-, 357magnum, 6.5lapua, Aleksej, Apok, Asparagus, Ba4e, bbrasnjo3, blackjack, bokisha253, Bubimir, Cian, Dannyboy, darcaud, Dejan_vw, dejno, Demi87, Dimitrise93, Django777, djile1, doktor097, Dolinc, doom83, Feller, FOX, gaga23, GeoM, gobrad, gregorxix, Holy Saber, iceburn, ivan1973, Jaz, jon istvan, K-1A, kalens021, Kanader, kendzo-andzo-boni-fju, Koridor 11, krca73, Kriglord, Kubovac, kybonacci, lord sir giga, LostInSpaceandTime, Major91, majstro, Marko Marković, marko308, markoni.slo, mercedesamg, miki kv, mikrimaus, Milometer, Milos ZA, milos.cbr, Milos1389, milos97, mist-mist, mkukoleca, momcilob55, Mrav Obrad, N.e.m.a.nj.a., Natuzzi, neko iz mase, Nele79, nemkea71, oblivion, operniki, OtacMakarije, panzermilan45, Peruta, Petarvu, ping15, Povratak1912, Prašinar, PrincipL, sabros, sajorg, Sami_1ali, sekretar, sixpac, stalja, Strasni JA, synergia, tamno.nebo, TRZH92, tuja, Van, vathra, Velizar Laro, Vlad000, W123, wolf431, Zimbabwe, zlatkoa987, Zorge, Zrcalo

Prijateljski sajtovi

Bug u OpenSSH

Bug u OpenSSH

U fokusu na ovom forumu

Izdvojeno na MyCity

Statistika

Nove poruke u ovom forumu

RSS feed-ovi ovog foruma

Nove poruke na TECH delu

Nove poruke na OPŠTEM delu

Naši sajtovi: