Full Disclosure mailing list archives
openssh remote exploit
From: <auto64746 () hushmail com>
Date: Mon, 15 Sep 2003 16:31:56 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 you can see the 2 bugs in this code?, seems to of me that theo could not. i am of understanding that there are exploits working on this in the wild. 3 remote holes in default install now ! hahaha void * buffer_append_space(Buffer *buffer, u_int len) { void *p; if (len > 0x100000) fatal("buffer_append_space: len %u not supported", len); /* If the buffer is empty, start using it from the beginning. */ if (buffer->offset == buffer->end) { buffer->offset = 0; buffer->end = 0; } restart: /* If there is enough space to store all data, store it now. */ if (buffer->end + len < buffer->alloc) { p = buffer->buf + buffer->end; buffer->end += len; return p; } /* * If the buffer is quite empty, but all data is at the end, move the * data to the beginning and retry. */ if (buffer->offset > buffer->alloc / 2) { memmove(buffer->buf, buffer->buf + buffer->offset, buffer->end - buffer->offset); buffer->end -= buffer->offset; buffer->offset = 0; goto restart; } /* Increase the size of the buffer and retry. */ buffer->alloc += len + 32768; if (buffer->alloc > 0xa00000) fatal("buffer_append_space: alloc %u not supported", buffer->alloc); buffer->buf = xrealloc(buffer->buf, buffer->alloc); goto restart; /* NOTREACHED */ } -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj9mSqAACgkQO4YmZKj9rSu4mQCeMS8jvadKaKO01kAwl3Ykwirr9ZEA oLOwzsupmVKP+z1R/5OSlu8NHngf =c0bi -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- openssh remote exploit auto64746 (Sep 15)
- Re: openssh remote exploit Darren Reed (Sep 15)
- Re: openssh remote exploit Timo Sirainen (Sep 16)
- Re: openssh remote exploit Adam Dyga (Sep 17)
- <Possible follow-ups>
- Re: openssh remote exploit auto64746 (Sep 16)
- Re: openssh remote exploit Diode Trnasistor (Sep 16)
- Re: openssh remote exploit Darren Reed (Sep 16)
- RE: openssh remote exploit Edward W. Ray (Sep 16)
- Re: openssh remote exploit Darren Reed (Sep 16)
- Re: openssh remote exploit Mike Griffin (Sep 16)
- Re: openssh remote exploit KF (Sep 16)