Vulnerability Development mailing list archives
SSH 1.2.26 vulnerability real or not?
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Thu, 17 Aug 2000 17:02:42 +0200
I'm curious about an old SSH issue I stumbled across at http://marc.theaimsgroup.com. It's regarding the old SSH 1.2.26 code. Looking at the following flamewar between IBM, rootshell and ssh.fi:

http://marc.theaimsgroup.com/?l=rootshell-announce&m=90995421621205&w=2

IBM in short:

  The "log_msg" function, called by several parts of the server program to send information to the system log, copies user-supplied data into a local buffer without checking that the data will fit.

IBM's fixes were indeed applied to SSH 1.2.27, from the Changelog:

  * Added snprintf from ssh2.
  * Tatu's sprintf -> snprintf fixes.
  * Fixed potential buffer overflows.

It sounds like this is a subject which must have been researched more than poking around at http://marc.theaimsgroup.com reveals. Anyone know if this truly only was "potential"?

Trying to stay away from flaming SSH, but can you really commit a fix and at the same time deny that there is no problem?

..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
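Added example, not part of the original post and not code from SSH: the unchecked-copy pattern the quoted IBM text describes for a logging function, next to the bounded form that the Changelog's "sprintf -> snprintf" entry points to. The variadic signature, the 64-byte buffer, the last_logged sink and the sample input are all assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 64                 /* constructed size; the page gives none */
static char last_logged[LOG_BUF];  /* hypothetical stand-in for the syslog sink */

/* Unbounded pattern: vsprintf() writes as many bytes as the formatted
   data needs, whatever sizeof(buf) is. Shown for contrast, never called. */
void log_msg_unbounded(const char *fmt, ...)
{
    char buf[LOG_BUF];
    va_list ap;
    va_start(ap, fmt);
    vsprintf(buf, fmt, ap);        /* overruns buf when output >= LOG_BUF */
    va_end(ap);
    memcpy(last_logged, buf, strlen(buf) + 1);
}

/* Bounded form: vsnprintf() writes at most sizeof(buf) bytes and always
   NUL-terminates. Returns 0 if the message fit, 1 if it was truncated,
   -1 on a formatting error. */
int log_msg_bounded(const char *fmt, ...)
{
    char buf[LOG_BUF];
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(buf, sizeof(buf), fmt, ap);
    va_end(ap);
    if (n < 0) { last_logged[0] = '\0'; return -1; }
    memcpy(last_logged, buf, strlen(buf) + 1);
    return n >= (int)sizeof(buf) ? 1 : 0;
}

int main(void)
{
    char user[200];                /* constructed oversized "user-supplied" field */
    memset(user, 'A', sizeof(user) - 1);
    user[sizeof(user) - 1] = '\0';
    int r = log_msg_bounded("login failed for %s", user);
    printf("truncated=%d logged_len=%zu\n", r, strlen(last_logged));
    return 0;
}
```

The return value lets a caller notice truncation instead of silently logging a clipped record.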