Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: ssh-1.2.27 remote buffer overflow - exploitable

Re: ssh-1.2.27 remote buffer overflow - exploitable

From: Markus Friedl <markus.friedl_at_INFORMATIK.UNI-ERLANGEN.DE>
Date: Thu, 11 Nov 1999 23:44:54 +0100

On Tue, Nov 09, 1999 at 11:04:19AM -0500, Daniel Jacobowitz wrote:
> On Tue, Nov 09, 1999 at 01:48:53AM -0000, Frank wrote:
> > This is submitted to the Freebsd bug tracking system, although there
> > are doubtless other vendors who leave this package, despite the
> > existence of the ssh-2.X. While Debian appears to be immune, I was
> > able to crash my ssh daemon (much to my dismay), and there appears
> > the potential to execute arbitrary code, as long as you encrypt it
> > first...
>
> Debian is immune for the (somewhat messy) reasons that they do not link
> ssh to rsaref, last time that I checked.

note that OpenSSH is immune, too.
it does _not_ use rsaglue.c for rsaref.

-markus
Received on Nov 13 1999

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos