Mrdkaaa Security Advisory 080709-001
Package : OpenSSH
Date : July 09, 2008
1. Details
[openssh-5.0p1/auth1.c]
234 static void
235 do_authloop(Authctxt *authctxt)
345 len = buffer_len(&loginmsg);
346 buffer_append(&loginmsg, "\0", 1);
347 msg = buffer_ptr(&loginmsg);
354 packet_disconnect(msg);
[openssh-5.0p1/packet.c]
1377 void
1378 packet_disconnect(const char *fmt,...)
1392 va_start(args, fmt);
1393 vsnprintf(buf, sizeof(buf), fmt, args);
1394 va_end(args);
2. Analysis
100% lame
3. Detection
-rwsr-sr-x 1 root root 678832 2008-07-09 03:47 /tmp/sh
root pts/1 1.3.3.7 03:48 0.00s 0.00s 0.00s /tmp/sh
4. Pwnie Awards 2008
To submit a nomination, visit the Pwnie Awards site at http://pwnie-awards.org/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Jul 09 2008
Intro
