Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development: ssh-1.2.27 remote buffer overflow - exploitable

ssh-1.2.27 remote buffer overflow - exploitable

From: Frank <foofc7ca_at_SOFTHOME.NET>
Date: Tue, 9 Nov 1999 01:48:53 -0000

This is submitted to the Freebsd bug tracking system, although there are doubtless other vendors who leave this package, despite the existence of the ssh-2.X. While Debian appears to be immune, I was able to crash my ssh daemon (much to my dismay), and there appears the potential to execute arbitrary code, as long as you encrypt it first...

Here is the freebsd report.. it describes the method to crash a remote Ssh daemon (lets hope you ran sshd from your xinetd, etc).

http://www.freebsd.org/cgi/query-pr.cgi?pr=14749
Received on Nov 08 1999

This message: [ Message body ]
Next message: Mikael Olsson: "MS Outlook javascript parsing bug"
Previous message: D. J. Bernstein: "Re: FreeBSD listen()"
Next in thread: Jochen Bauer: "Re: ssh-1.2.27 remote buffer overflow - exploitable"
Reply: Jochen Bauer: "Re: ssh-1.2.27 remote buffer overflow - exploitable"
Reply: Daniel Jacobowitz: "Re: ssh-1.2.27 remote buffer overflow - exploitable"
Reply: Bill Smargiassi: "Re: ssh-1.2.27 remote buffer overflow - exploitable -- OFF TOPIC"
Reply: Daniel Jacobowitz: "Re: ssh-1.2.27 remote buffer overflow - exploitable"
Reply: D. J. Bernstein: "thttpd 2.04 stack overflow"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]