Bugtraq mailing list archives

Re: SSH deja vu


From: Lucian Hudin <luci () warp transart ro>
Date: Wed, 24 Oct 2001 00:18:06 +0300 (EEST)


 I don't know about any teso exploit, but what I want to mention is
that I remember studying this problem myself and I've found
that the crc32 bug doesn't manifest under operating systems that
return NULL on realloc(ptr, 0);
 So if the exploit is based on the fact that realloc(ptr, 0) will
NOT return NULL, Linux & W2k (systems I have access to) were never
actually vulnerable.

 The Linux realloc manual says:
 "realloc() returns a pointer to the newly allocated memory, which is
 suitably aligned for any kind of variable and may be different
 from ptr, or NULL if the request fails or if size was equal to 0.

CONFORMING TO
       ANSI-C
"

Regards,
Luci
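
The platform dependence described in the message above can be removed at the call site. The following is an added example, not part of the original post and not code from any SSH implementation: a hypothetical wrapper, `resize_table`, that refuses zero-byte and overflowing requests so the caller never depends on what `realloc(ptr, 0)` returns.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (name and policy are assumptions for illustration).
 * Resizes *bufp to hold count elements of elem_size bytes each.
 * Returns 0 on success, -1 on failure. On failure *bufp is unchanged
 * and the old block is still owned by the caller. */
int resize_table(void **bufp, size_t count, size_t elem_size)
{
    void *p;

    /* Refuse a zero-byte request up front. What realloc(ptr, 0) does is
     * left to the C library: some free the block and return NULL, others
     * return a minimal live block. Code that assumes either is not portable. */
    if (count == 0 || elem_size == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Refuse a product that would wrap around size_t (possibly to 0). */
    if (count > SIZE_MAX / elem_size) {
        errno = ENOMEM;
        return -1;
    }
    p = realloc(*bufp, count * elem_size);
    if (p == NULL)
        return -1;              /* old block remains valid */
    *bufp = p;
    return 0;
}

int main(void)
{
    void *table = NULL;
    int rc;

    /* Constructed inputs: a normal size, then a size that came out as 0. */
    rc = resize_table(&table, 8, sizeof(unsigned short));
    printf("resize to 8 entries: %d\n", rc);
    rc = resize_table(&table, 0, sizeof(unsigned short));
    printf("resize to 0 entries: %d (table kept: %s)\n",
           rc, table != NULL ? "yes" : "no");
    free(table);
    return 0;
}
```
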


