OpenSSH Buffer Management Vulnerability
Add date: 02/12/2009   Publishing date: 02/12/2009

Versions affected:
All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management errors. It is uncertain whether these errors are potentially exploitable; however, we prefer to see bugs fixed proactively.

Other implementations sharing common origin may also have these issues.

Solution:
Upgrade to OpenSSH 3.7.1 or apply the following patch.

Appendix A: patch for OpenSSH 3.6.1 and earlier
Index: buffer.c
 ===================================================================
RCS file: /cvs/src/usr.bin/ssh/buffer.c,v
retrieving revision 1.16
retrieving revision 1.18
diff -u -r1.16 -r1.18
--- buffer.c  26 Jun 2002 08:54:18 -0000  1.16
+++ buffer.c  16 Sep 2003 21:02:39 -0000  1.18
@@ -23,8 +23,11 @@
 void
 buffer_init(Buffer *buffer)
 {
-  buffer->alloc = 4096;
-  buffer->buf = xmalloc(buffer->alloc);
+  const u_int len = 4096;
+
+  buffer->alloc = 0;
+  buffer->buf = xmalloc(len);
+  buffer->alloc = len;
   buffer->offset = 0;
   buffer->end = 0;
 }
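Review bot: in buffer_init, the new `buffer->alloc = 0;` ahead of `xmalloc(len)` carries no comment, and on its own it reads like a redundant store that a later cleanup could fold back into a single assignment. Its purpose only shows up next to the `alloc > 0` guard in buffer_free: alloc has to stay 0 until buf actually points at allocated memory. Please add a one-line comment saying so. Setting `buffer->buf = NULL` alongside it would also keep the struct from holding an indeterminate pointer while alloc is 0.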
@@ -34,8 +37,10 @@
 void
 buffer_free(Buffer *buffer)
 {
-  memset(buffer->buf, 0, buffer->alloc);
-  xfree(buffer->buf);
+  if (buffer->alloc > 0) {
+    memset(buffer->buf, 0, buffer->alloc);
+    xfree(buffer->buf);
+  }
 }
 
 /*
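Review bot: buffer_free leaves `buffer->alloc` unchanged after `xfree(buffer->buf)`, so the new `alloc > 0` guard does not protect against a second buffer_free on the same Buffer: alloc is still non-zero, and the memset and xfree would run on memory that has already been freed. Set `buffer->alloc = 0;` inside the block so the guard holds for every later call.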
@@ -69,6 +74,7 @@
 void *
 buffer_append_space(Buffer *buffer, u_int len)
 {
+  u_int newlen;
   void *p;
 
   if (len > 0x100000)
@@ -98,11 +104,13 @@
     goto restart;
   }
   /* Increase the size of the buffer and retry. */
-  buffer->alloc += len + 32768;
-  if (buffer->alloc > 0xa00000)

+  newlen = buffer->alloc + len + 32768;
+  if (newlen > 0xa00000)
     fatal("buffer_append_space: alloc %u not supported",
-        buffer->alloc);
-  buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+        newlen);
+  buffer->buf = xrealloc(buffer->buf, newlen);
+  buffer->alloc = newlen;
   goto restart;
   /* NOTREACHED */
 }
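Review bot: in buffer_append_space, `newlen = buffer->alloc + len + 32768` is u_int arithmetic, and the `newlen > 0xa00000` test only catches an oversized request if that sum has not wrapped. That depends on len already being bounded by the `len > 0x100000` test at the top of the function and on alloc only ever being stored from a newlen that passed this check. A short comment stating that dependency, or named constants for the three limits, would keep a future change to either bound from silently defeating the check.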
Index: channels.c
 ===================================================================
RCS file: /cvs/src/usr.bin/ssh/channels.c,v
retrieving revision 1.194
retrieving revision 1.195
diff -u -r1.194 -r1.195
--- channels.c  29 Aug 2003 10:04:36 -0000  1.194
+++ channels.c  16 Sep 2003 21:02:40 -0000  1.195
@@ -228,12 +228,13 @@
   if (found == -1) {
     /* There are no free slots.  Take last+1 slot and expand the array.  */
     found = channels_alloc;
-    channels_alloc += 10;
     if (channels_alloc > 10000)
       fatal("channel_new: internal error: channels_alloc %d "
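Review bot: with `channels_alloc += 10;` removed above it, the unchanged `if (channels_alloc > 10000)` test now compares the array size before growth rather than the size about to be allocated. The rest of this hunk is not shown on this page; if the later lines still grow the array by 10, the array can end up ten slots past the limit before fatal() fires. Either compare `channels_alloc + 10` against the limit or add a comment that the limit applies to the pre-growth value.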

 
