Re: OpenSSH Vulnerability

["Adam" <adam () zeusinternet net>]

I can't see any way you could use compression to crash the process.  I did
try this method, but the minute we try to buffer_append() the data to the
output buffer (in buffer_uncompress()), the data we try to append >1mb
therefore buffer_append_space() crashes BEFORE we're actually able to
"allocate" the required space.  i.e. it crashes on the wrong fatal() call
for what we want.  Therefore we have to somehow allocate <1mb at a time to
successfully overflow.  So I don't see quite how we could crash the process
by sending it a compressed 10mb packet or anything.

Any suggestions?



***************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you are not the intended recipient any use,
distribution, disclosure or copying of this information is prohibited.
If you have received this email in error please notify the sender
immediately and delete it and any attachments from your system
***************************************************************