Vulnerability Development mailing list archives

SSH 1.2.26 vulnerability real or not?


From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Thu, 17 Aug 2000 17:02:42 +0200

I'm curious about an old SSH issue I stumbled across at
http://marc.theaimsgroup.com. It's regarding the old SSH 1.2.26 code.

Looking at the following flamewar between IBM, rootshell and ssh.fi:
http://marc.theaimsgroup.com/?l=rootshell-announce&m=90995421621205&w=2

IBM, in short:
The "log_msg" function, called by several parts of the server program to
send information to the system log, copies user-supplied data into a local
buffer without checking that the data will fit.

IBM's fixes were indeed applied to SSH 1.2.27, from the Changelog:
        * Added snprintf from ssh2.
        * Tatu's sprintf -> snprintf fixes.
        * Fixed potential buffer overflows.

It sounds like this is a subject which must have been researched more than
poking around at http://marc.theaimsgroup.com reveals. Anyone know if
this truly only was "potential"?

Trying to stay away from flaming SSH, but can you really commit a fix and
at the same time deny that there is a problem?

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
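An added illustration of the bug class the IBM summary and the 1.2.27 changelog refer to (an unbounded sprintf-family call into a fixed stack buffer, and the snprintf replacement). This is example code written for this archive page, not code from SSH 1.2.26 or 1.2.27; the buffer size, function names and the "...[truncated]" marker are assumptions chosen for the demonstration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size; the real log_msg() in SSH 1.2.26 is not reproduced here. */
#define LOG_BUF 64

/* Vulnerable pattern. vsprintf() has no idea how large buf is, so any
   format argument longer than the buffer runs off the end of the stack
   frame. Shown for contrast only; it is never called with attacker data. */
void log_msg_unsafe(const char *fmt, ...)
{
    char buf[LOG_BUF];
    va_list ap;
    va_start(ap, fmt);
    vsprintf(buf, fmt, ap);   /* unbounded copy: the bug class in question */
    va_end(ap);
    fputs(buf, stderr);
}

/* Hardened pattern, the sprintf -> snprintf change described in the
   changelog. vsnprintf() is told the buffer size and always NUL-terminates.
   It returns the length the full message would have had, so the caller
   can detect truncation instead of silently logging a cut-off line.
   Returns 1 if the message was truncated (or formatting failed), else 0. */
int log_msg_safe(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    if (n < 0) {              /* encoding error: leave an empty, terminated buffer */
        out[0] = '\0';
        return 1;
    }
    if ((size_t)n >= outlen) {
        /* Message did not fit. Overwrite the tail with a marker so a reader
           of the log knows the line is partial rather than complete. */
        const char *mark = "...[truncated]";
        size_t ml = strlen(mark);
        if (outlen > ml + 1)
            memcpy(out + outlen - ml - 1, mark, ml + 1);
        return 1;
    }
    return 0;
}

/* Exercises the safe variant with a short and an oversized user name.
   Note the user-supplied string is always a %s argument, never the format
   string itself. Returns the number of failed checks (0 means all passed). */
int run_checks(void)
{
    char buf[LOG_BUF];
    char longuser[200];       /* constructed sample input: 199 'A's */
    int failed = 0;

    memset(longuser, 'A', sizeof longuser - 1);
    longuser[sizeof longuser - 1] = '\0';

    if (log_msg_safe(buf, sizeof buf, "login failed for user %s", "alice") != 0) failed++;
    if (strcmp(buf, "login failed for user alice") != 0) failed++;

    if (log_msg_safe(buf, sizeof buf, "login failed for user %s", longuser) != 1) failed++;
    if (strlen(buf) != sizeof buf - 1) failed++;                 /* stayed in bounds */
    if (strcmp(buf + sizeof buf - 1 - strlen("...[truncated]"),
               "...[truncated]") != 0) failed++;                 /* marker present */

    return failed;
}

int main(void)
{
    int failed = run_checks();
    printf("log_msg checks: %d failed\n", failed);
    return failed != 0;
}
```

The point of returning the truncation flag is that a bounded copy alone only fixes the memory-safety bug; a log line silently cut short can still hide what the remote user sent, which matters when the log is the evidence an incident responder relies on.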

