Bugtraq mailing list archives

Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)


From: oysteivi () TIHLDE ORG (Oystein Viggen)
Date: Tue, 16 Nov 1999 11:30:16 +0100


Blue Boar wrote:

<SNIP>
Debian is immune for the (somewhat messy) reasons that they do not link
ssh to rsaref, last time that I checked.
<SNIP>

Does the fact that the international version of ssh from replay.com uses
"internal rsaref" instead of the "external rsaref" in the US version make
it immune to this attack too?

The version is at least not as far as I can see externally linked to any
rsaref library:

[oysteivi@colargol ~]$ ldd /usr/sbin/sshd1
        libz.so.1 => /usr/lib/libz.so.1 (0x40017000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x40027000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x4003d000)
        libpam.so.0 => /lib/libpam.so.0 (0x4006a000)
        libdl.so.2 => /lib/libdl.so.2 (0x40072000)
        libutil.so.1 => /lib/libutil.so.1 (0x40075000)
        libc.so.6 => /lib/libc.so.6 (0x40078000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

(http://www.zedz.net/redhat/ssh.html to check it out for yourselves).

Oystein

--
"It's pudding time, children!"
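
An `ldd` listing like the one in the message above shows only shared-library dependencies; code compiled into the executable itself does not appear in it. The script below is an added example, not part of the original post: it checks a binary both ways. The marker strings are an assumption (names of RSAREF API functions), and a stripped binary may not contain them, so "none-found" is not proof of absence.

```shell
#!/bin/sh
# Added example: two independent linkage checks for one binary.

# Assumption: RSAREF API function names used as markers for compiled-in code.
RSAREF_MARKERS="RSAPrivateDecrypt RSAPublicEncrypt R_RandomInit"

# dynamic_rsaref: reads `ldd` output on stdin, prints every shared library
# whose name contains "rsaref"; returns 0 if at least one was found.
dynamic_rsaref() {
    awk '$2 == "=>" && tolower($1) ~ /rsaref/ { print $1; found = 1 }
         END { exit !found }'
}

# static_rsaref FILE: prints each marker present in the file's raw bytes;
# returns 0 if at least one was found.
static_rsaref() {
    hit=1
    for m in $RSAREF_MARKERS; do
        if LC_ALL=C grep -a -F -q -- "$m" "$1"; then
            echo "$m"
            hit=0
        fi
    done
    return $hit
}

# classify FILE LDD_OUTPUT_FILE: prints dynamic, embedded or none-found.
classify() {
    if dynamic_rsaref < "$2" >/dev/null; then
        echo dynamic
    elif static_rsaref "$1" >/dev/null; then
        echo embedded
    else
        echo none-found
    fi
}

# Usage: sh check_rsaref.sh /path/to/binary
if [ "$#" -eq 1 ]; then
    t=$(mktemp)
    ldd "$1" > "$t" 2>/dev/null
    classify "$1" "$t"
    rm -f "$t"
fi
```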


