Bugtraq mailing list archives

Re: More ssh fun (sshd this time)

From: solar () FALSE COM (Solar Designer)
Date: Wed, 27 Aug 1997 05:48:44 -0300


Hello!

+   if (port > 65535)
+     packet_disconnect("Requested port is %d is invalid",port);


This still doesn't fix the problem since port is defined as a signed int,
and negative values will pass your check. Of course, their lower 16 bits
may represent a privileged port number.

BTW, it looks like integer overflows and negative number problems are quite
common: sshd, Linux setrlimit(), Linux sysctl() -- any more coming soon? ;)

Signed,
Solar Designer

Current thread:

More ssh fun (sshd this time) Ivo van der Wijk (Aug 19)
- Re: More ssh fun (sshd this time) Olaf Titz (Aug 23)
- Sun Security Bulletin #00152 Aleph One (Aug 25)
- Sun Security Bulletin #00153 Aleph One (Aug 25)
- Active X exploit. Peter Shipley (Aug 25)
- Re: More ssh fun (sshd this time) Wietse Venema (Aug 25)
- <Possible follow-ups>
- Re: More ssh fun (sshd this time) Thamer Al-Herbish (Aug 23)
  - Re: More ssh fun (sshd this time) Solar Designer (Aug 27)
  - Re: More ssh fun (sshd this time) Paul H. Hargrove (Aug 27)
- Re: More ssh fun (sshd this time) Christopher Craig (Aug 27)
  - Integer Overflows Solar Designer (Aug 27)