Vulnerability Development mailing list archives
Re: openssh vulnerability
From: Przemyslaw Frasunek <venglin () freebsd lublin pl>
Date: Tue, 16 Sep 2003 21:19:05 +0200
Diode Trnasistor wrote:
> Is anyone familiar with what happens when you use realloc like they are using originally (when using a value instead of the structure to reallocate as the second value to realloc)? I still fail to see how this is a security problem, and would like it if someone would explain it to me. Thanx :)

If buffer->alloc is too large, fatal() is called. In some cases, it will attempt to buffer_free() such a corrupted buffer, causing memset() to overflow it with NULL bytes in a rather uncontrolled manner. Actually, I can't think of any exploitation scenario, especially on systems using phkmalloc.

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw () frasunek com ** keyId: 2578FCAD | C0613BE3 | EC78FAB5 *
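The failure mode described in the reply above, as an added example that is not part of the original post and is not OpenSSH source: a simplified model in which the size field is updated before the limit check, next to a form that commits the new size only after the check and realloc succeed. The struct layout, the `real` tracking field, the constants and all function names are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_ALLOC 0xa00000u  /* assumed cap for this model */
#define GROW      32768u     /* assumed growth slack */
/* Simplified model, not OpenSSH source. `real` tracks what the heap block
 * actually holds so the mismatch can be measured without touching memory. */
struct buffer { unsigned char *buf; size_t alloc; size_t real; };

/* Pattern described in the thread: the size field is updated before the
 * limit check, so a rejected request leaves alloc larger than the block. */
static int grow_unsafe(struct buffer *b, size_t len) {
    b->alloc += len + GROW;
    if (b->alloc > MAX_ALLOC) return -1;        /* stands in for fatal() */
    unsigned char *p = realloc(b->buf, b->alloc);
    if (!p) return -1;
    b->buf = p; b->real = b->alloc;
    return 0;
}

/* Hardened: compute into a local, check, and commit only after realloc. */
static int grow_safe(struct buffer *b, size_t len) {
    if (len > MAX_ALLOC - GROW || b->alloc > MAX_ALLOC - GROW - len) return -1;
    size_t newlen = b->alloc + len + GROW;
    unsigned char *p = realloc(b->buf, newlen);
    if (!p) return -1;
    b->buf = p; b->alloc = b->real = newlen;
    return 0;
}

/* Bytes a cleanup memset(buf, 0, alloc) would write past the real block. */
static size_t scrub_overrun(const struct buffer *b) {
    return b->alloc > b->real ? b->alloc - b->real : 0;
}

/* Returns the overrun left behind after one rejected oversized request. */
static size_t overrun_after_reject(int (*grow)(struct buffer *, size_t)) {
    struct buffer b = { malloc(4096), 4096, 4096 };
    if (!b.buf) return (size_t)-1;
    int rc = grow(&b, MAX_ALLOC);               /* constructed oversized len */
    size_t over = (rc == -1) ? scrub_overrun(&b) : (size_t)-1;
    free(b.buf);
    return over;
}

int main(void) {
    printf("unsafe: %zu bytes past block\n", overrun_after_reject(grow_unsafe));
    printf("safe:   %zu bytes past block\n", overrun_after_reject(grow_safe));
    return 0;
}
```

The model only computes the size mismatch; it never performs the out-of-bounds write, so it is safe to run under a sanitizer.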