Bugtraq mailing list archives
Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)
From: oysteivi () TIHLDE ORG (Oystein Viggen)
Date: Tue, 16 Nov 1999 11:30:16 +0100
Blue Boar wrote:
<SNIP> Debian is immune for the (somewhat messy) reasons that they do not link ssh to rsaref, last time that I checked. <SNIP>
Does the fact that the international version of ssh from replay.com uses "internal rsaref" instead of the "external rsaref" in the US version make it immune to this attack too? The version is at least not as far as I can see externally linked to any rsaref library:

    [[oysteivi@colargol ~]$ ldd /usr/sbin/sshd1
            libz.so.1 => /usr/lib/libz.so.1 (0x40017000)
            libnsl.so.1 => /lib/libnsl.so.1 (0x40027000)
            libcrypt.so.1 => /lib/libcrypt.so.1 (0x4003d000)
            libpam.so.0 => /lib/libpam.so.0 (0x4006a000)
            libdl.so.2 => /lib/libdl.so.2 (0x40072000)
            libutil.so.1 => /lib/libutil.so.1 (0x40075000)
            libc.so.6 => /lib/libc.so.6 (0x40078000)
            /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

(http://www.zedz.net/redhat/ssh.html to check it out for yourselves).

Oystein
--
"It's pudding time, children!"