Home page logo

bugtraq logo Bugtraq mailing list archives

Re: More ssh fun (sshd this time)
From: solar () FALSE COM (Solar Designer)
Date: Wed, 27 Aug 1997 05:48:44 -0300


+   if (port > 65535)
+     packet_disconnect("Requested port is %d is invalid",port);

This still doesn't fix the problem since port is defined as a signed int,
and negative values will pass your check. Of course, their lower 16 bits
may represent a privileged port number.

BTW, it looks like integer overflows and negative number problems are quite
common: sshd, Linux setrlimit(), Linux sysctl() -- any more coming soon? ;)

Solar Designer

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]