Bugtraq mailing list archives
Re: SSH deja vu
From: Lucian Hudin <luci () warp transart ro>
Date: Wed, 24 Oct 2001 00:18:06 +0300 (EEST)
I don't know about any teso exploit, but what I want to mention is that I remember studying this problem myself and I've found that the crc32 bug doesn't manifest under operating systems that return NULL on realloc(ptr, 0).

So if the exploit is based on the fact that realloc(ptr, 0) will NOT return NULL, Linux & W2k (systems I have access to) were never actually vulnerable.

The Linux realloc manual says:

"realloc() returns a pointer to the newly allocated memory, which is suitably aligned for any kind of variable and may be different from ptr, or NULL if the request fails or if size was equal to 0. CONFORMING TO ANSI-C"

Regards,
Luci
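Added example, not part of the original message or of any SSH code base: a C probe that reports how the local realloc(ptr, 0) behaves, beside a wrapper that rejects zero-length requests so the calling code does not depend on that behaviour. The names checked_resize and realloc_zero_returns_null are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not from any SSH implementation): resize *bufp to
 * hold count elements of elem_size bytes. Returns 0 on success, -1 on
 * failure; on failure *bufp is left untouched and still valid. */
int checked_resize(void **bufp, size_t count, size_t elem_size)
{
    void *p;

    if (count == 0 || elem_size == 0) {   /* never reach realloc(ptr, 0) */
        errno = EINVAL;
        return -1;
    }
    if (count > SIZE_MAX / elem_size) {   /* count * elem_size would wrap */
        errno = ENOMEM;
        return -1;
    }
    p = realloc(*bufp, count * elem_size);
    if (p == NULL)
        return -1;
    *bufp = p;
    return 0;
}

/* Probe: 1 if realloc(ptr, 0) returns NULL on this platform, 0 if it
 * returns a pointer, -1 if the setup malloc failed. The outcome is
 * implementation-defined in C99 through C17. */
int realloc_zero_returns_null(void)
{
    void *p = malloc(16);
    void *q;

    if (p == NULL)
        return -1;
    q = realloc(p, 0);
    if (q == NULL)
        return 1;   /* p is not touched again: its state varies by libc */
    free(q);
    return 0;
}

int main(void)
{
    printf("realloc(ptr, 0) returns NULL: %d\n", realloc_zero_returns_null());
    return 0;
}
```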
Current thread:
- SSH deja vu Max Parke (Oct 23)
- Re: SSH deja vu Michal Zalewski (Oct 23)
- Re: SSH deja vu Lucian Hudin (Oct 23)
- Re: SSH deja vu Michal Zalewski (Oct 23)
- Re: SSH deja vu Lucian Hudin (Oct 23)
- Re: SSH deja vu Michal Zalewski (Oct 23)