Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: More ssh fun (sshd this time)
From: ccraig () CC GATECH EDU (Christopher Craig)
Date: Wed, 27 Aug 1997 11:48:35 -0400


Included From: Solar Designer <solar () FALSE COM>:

+   if (port > 65535)
+     packet_disconnect("Requested port is %d is invalid",port);

This still doesn't fix the problem since port is defined as a signed int,
and negative values will pass your check. Of course, their lower 16 bits
may represent a privileged port number.


The lines directly after this in the code are

    if (port < 1024 && !is_root)
      packet_disconnect("Requested forwarding of port %d but user is not root.",

It looks like that should catch negative (as well as privileged)
port numbers, so I don't think the patch really has to fix that
problem at all.

--
Christopher Craig (ccraig () cc gatech edu)
"You could shoot Microsoft Office off the planet and this country would
 run better. You would see everyone standing around saying, 'I've got
 so much time now.' "  Scott McNealy (CEO of Sun)
PGP Key Verification: EE B1 F3 A0 3F BC 3C C7  81 61 F1 91 6E 99 13 65
http://www.cc.gatech.edu/people/home/ccraig



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]