Vulnerability Development mailing list archives
Re: OpenSSH Vulnerability
From: Ryan Veety <ryan () ryanspc com>
Date: 18 Sep 2003 16:33:16 -0000
In-Reply-To: <KLEPKILGKHEKNJKBCGLEOEJBCAAA.adam () zeusinternet net>
Now, I've been hacking at the 3.6p1 source all day and it comes down to a few things. OpenSSH refuses packets > 256kb in size. Also, buffer_append_space() will only let you append 1mb of data at a time. It needs >10mb allocated to successfully error and null out too much data. So that's the big obstacle so far, obercoming the limits.
Turn on ssh packet compression, ssh -C. 10MB of NOP's easily compresses down to < 256KB and causes the fatal() in buffer.c. Thats about as far as I've gotten so far. Ryan
Current thread:
- OpenSSH Vulnerability Adam Gilmore (Sep 18)
- <Possible follow-ups>
- Re: OpenSSH Vulnerability Alexander E. Cuttergo (Sep 18)
- Re: OpenSSH Vulnerability weigelt (Sep 18)
- Re: OpenSSH Vulnerability Ryan Veety (Sep 18)
- Re: OpenSSH Vulnerability Adam (Sep 19)