Bugtraq mailing list archives

OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow


From: Marcell Fodor <m.fodor () mail datanet hu>
Date: 19 Apr 2002 22:42:51 -0000



effect:
        local root

vulnerable services:

        -pass Kerberos IV TGT
        -pass AFS Token

bug details:

        radix.c
        GETSTRING macro in radix_to_creds function may cause buffer overflow.
        affected buffers:
        
            creds->service
            creds->instance
            creds->realm
            creds->pinst

exploit code here: mantra.freeweb.hu
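
Added example, not part of the original post and not OpenSSH's code: a bounds-checked way to pull NUL-terminated strings out of a decoded blob into fixed-size fields, the kind of check the advisory says is missing for the four buffers above. The struct, the 40-byte field size, the function names and the four-string layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define FIELD_SZ 40   /* assumed size, for illustration only */

struct demo_creds {   /* hypothetical stand-in for the fields listed above */
    char service[FIELD_SZ], instance[FIELD_SZ], realm[FIELD_SZ], pinst[FIELD_SZ];
};

/* Copy one NUL-terminated string from buf[*off, len) into dst (dstlen bytes).
 * Returns 0 on success, -1 if the input has no terminator or the string
 * would not fit in dst. Nothing is written to dst on failure. */
static int get_string(const unsigned char *buf, size_t len, size_t *off,
                      char *dst, size_t dstlen)
{
    if (*off >= len)
        return -1;
    const unsigned char *start = buf + *off;
    const unsigned char *end = memchr(start, '\0', len - *off);
    if (end == NULL)
        return -1;                  /* unterminated input */
    size_t n = (size_t)(end - start);
    if (n >= dstlen)
        return -1;                  /* longer than the destination field */
    memcpy(dst, start, n + 1);      /* n bytes plus the terminator */
    *off += n + 1;
    return 0;
}

/* Parse four consecutive strings (constructed layout, not the real format). */
int parse_creds(const unsigned char *buf, size_t len, struct demo_creds *c)
{
    size_t off = 0;
    memset(c, 0, sizeof(*c));
    if (get_string(buf, len, &off, c->service, sizeof(c->service)) ||
        get_string(buf, len, &off, c->instance, sizeof(c->instance)) ||
        get_string(buf, len, &off, c->realm, sizeof(c->realm)) ||
        get_string(buf, len, &off, c->pinst, sizeof(c->pinst)))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample input: four NUL-terminated fields. */
    static const unsigned char sample[] = "afs\0cell\0EXAMPLE.ORG\0user";
    struct demo_creds c;
    int rc = parse_creds(sample, sizeof(sample), &c);
    printf("rc=%d realm=%s pinst=%s\n", rc, c.realm, c.pinst);
    return rc == 0 ? 0 : 1;
}
```

The parser rejects the whole blob on the first field that is unterminated or too long, so a caller never sees a partially trusted credential.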

