Vulnerability Development mailing list archives
Re: OpenSSH Vulnerability
From: "Adam" <adam () zeusinternet net>
Date: Fri, 19 Sep 2003 09:25:17 +1000
I can't see any way you could use compression to crash the process. I did try this method, but the minute we try to buffer_append() the data to the output buffer (in buffer_uncompress()), the data we try to append >1mb therefore buffer_append_space() crashes BEFORE we're actually able to "allocate" the required space. i.e. it crashes on the wrong fatal() call for what we want. Therefore we have to somehow allocate <1mb at a time to successfully overflow. So I don't see quite how we could crash the process by sending it a compressed 10mb packet or anything. Any suggestions? *************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient any use, distribution, disclosure or copying of this information is prohibited. If you have received this email in error please notify the sender immediately and delete it and any attachments from your system ***************************************************************
Current thread:
- OpenSSH Vulnerability Adam Gilmore (Sep 18)
- <Possible follow-ups>
- Re: OpenSSH Vulnerability Alexander E. Cuttergo (Sep 18)
- Re: OpenSSH Vulnerability weigelt (Sep 18)
- Re: OpenSSH Vulnerability Ryan Veety (Sep 18)
- Re: OpenSSH Vulnerability Adam (Sep 19)