Re: OpenSSH Vulnerability

[Ryan Veety <ryan () ryanspc com>]

In-Reply-To: <KLEPKILGKHEKNJKBCGLEOEJBCAAA.adam () zeusinternet net>

> Now, I've been hacking at the 3.6p1 source all day and it comes down to a
> few things. OpenSSH refuses packets > 256kb in size. Also,
> buffer_append_space() will only let you append 1mb of data at a time. It
> needs >10mb allocated to successfully error and null out too much data. So
> that's the big obstacle so far, obercoming the limits.

Turn on ssh packet compression, ssh -C.  10MB of NOP's easily compresses down to < 256KB and causes the fatal() in 
buffer.c.  Thats about as far as I've gotten so far.

Ryan