Full Disclosure mailing list archives
[MSA080709-001] OpenSSH Vulnerability
From: mrdkaaa <mrdkaaa () stream cz>
Date: Wed, 09 Jul 2008 09:30:59 +0200 (CEST)
Mrdkaaa Security Advisory 080709-001 Package : OpenSSH Date : July 09, 2008 1. Details [openssh-5.0p1/auth1.c] 234 static void 235 do_authloop(Authctxt *authctxt) 345 len = buffer_len(&loginmsg); 346 buffer_append(&loginmsg, "\0", 1); 347 msg = buffer_ptr(&loginmsg); 354 packet_disconnect(msg); [openssh-5.0p1/packet.c] 1377 void 1378 packet_disconnect(const char *fmt,...) 1392 va_start(args, fmt); 1393 vsnprintf(buf, sizeof(buf), fmt, args); 1394 va_end(args); 2. Analysis 100% lame 3. Detection -rwsr-sr-x 1 root root 678832 2008-07-09 03:47 /tmp/sh root pts/1 1.3.3.7 03:48 0.00s 0.00s 0.00s /tmp/sh 4. Pwnie Awards 2008 To submit a nomination, visit the Pwnie Awards site at http://pwnie-awards.org/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [MSA080709-001] OpenSSH Vulnerability mrdkaaa (Jul 09)