Vulnerability Development mailing list archives

Re: OpenSSH Vulnerability

From: weigelt () metux de
Date: Thu, 18 Sep 2003 20:57:06 +0200

On Thu, Sep 18, 2003 at 11:35:21AM -0700, Alexander E. Cuttergo wrote:

<snip>

It would be easier to exploit out-of-memory condition. But it requires
additional bug to consume all memory on an attacked host. By default, sshd
allows only 10 unauthenticated sessions, so by sshd you can only consume ca
20MBx10=200MB, which is not enough.


Is it also true when running sshd by inetd  (-i) ?

cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT services

 phone:     +49 36207 519931         www:       http://www.metux.de/     
 fax:       +49 36207 519932         email:     contact () metux de
 cellphone: +49 174 7066481          
---------------------------------------------------------------------
 Diese Mail wurde mit UUCP versandt.      http://www.metux.de/uucp/

Current thread:

OpenSSH Vulnerability Adam Gilmore (Sep 18)
- <Possible follow-ups>
- Re: OpenSSH Vulnerability Alexander E. Cuttergo (Sep 18)
  - Re: OpenSSH Vulnerability weigelt (Sep 18)
- Re: OpenSSH Vulnerability Ryan Veety (Sep 18)
- Re: OpenSSH Vulnerability Adam (Sep 19)