Metasploit mailing list archives

OpenSSH Remote Overflow 0day


From: jerome.athias at free.fr (Jerome Athias)
Date: Fri, 31 Mar 2006 23:55:47 +0200

OpenSSH Remote Overflow 0day

Release date: 1st April (00H00 GMT+1)

There is a remote overflow in the ssh-HDM utility provided with OpenSSH.
The bug occurs in the DrinkBeer() function when sending a
specially-crafted overly long Beer Packet.
Sending 1025 beers to the target will cause the target to puke and
stop responding.



PoC:


sc="                          .msfmsfmsf.
                        .msfmsfmsfmsfmsfmsfs
                      msfmsfmsfmsfmsfmsfmsfmsfs
                     msfmsfmsfmsfmsfmsfmsfmsfmsfs
                      @@msfmsfmsfmsfmsfmsfmsfss@ss
                      |s@@@@msfmsfmsfmsfmsf@@@@s|s
               _______|msfss@@@@@msfss@@@@@msfss|s
             /         msfmsfmsf@msfss@msfmsfmsf|s
            /  .------+.msfmsfss@msfss@msfmsfss.|
           /  /       |...msfmsfs@msf@msfmsfs...|
          |  |        |.......msf@msf@msfs......|
          |  |        |..........s@ss@msf.......|
          |  |        |...........@ss@..........|
           \  \       |............ss@..........|
            \  '------+...........ss@...........|
             \________ .........................|
                      |.........................|
                     /...........................\
                    |.............................|
                       |.......................|
                           |...............|

'==================================================================='
||                            ___                                  ||
||                          .'   '.                                ||
||                         /       \           oOoOo               ||
||                        |         |       ,==|||||               ||
||                         \       /       _|| |||||               ||
||                          '.___.'    _.-'^|| |||||               ||
||                        __/_______.-'     '==HDMHH               ||
||                   _.-'` /                   """""               ||
||                .-'     /   oOoOo                                ||
||                `-._   / ,==|||||                                ||
||                    '-/._|| |||||                                ||
||                     /  ^|| |||||                                ||
||                    /    '==HDMHH                                ||
||                   /________"""""                                ||
||                   `\       `\                                   ||
||                     \        `\   /                             ||
||                      \         `\/                              ||
||                      /                                          ||
||                     /                                           ||
||                    /_____                                       ||
||                                                                 ||
'==================================================================='
";

Solution:

The OpenHeineken vendor was contacted but was not able to produce a patch.
Try the unofficial Coca-Cola fix.


/Sorry guys, no more inspiration for the 1st April :p
