|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Fwd: Re: [Full-Disclosure] new ssh exploit?
From: GomoR (bsd_sa
gomor.org)
Date: Tue Sep 16 2003 - 07:19:34 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Sep 15, 2003 at 08:53:56PM -0400, Mike Tancsa wrote:
>
> Has anyone around here heard of this ?
>
> ---Mike
[..]
I think it has just been commited, but not yet disclosed. See the
diff in FreeBSD CVS:
$ cd /usr/src/crypto/openssh
$ cvs diff -r1.1.1.1.2.4 -r1.1.1.7
Index: buffer.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/buffer.c,v
retrieving revision 1.1.1.1.2.4
retrieving revision 1.1.1.7
diff -r1.1.1.1.2.4 -r1.1.1.7
15c15
< RCSID("$OpenBSD: buffer.c,v 1.16 2002/06/26 08:54:18 markus Exp $");
---
> RCSID("$OpenBSD: buffer.c,v 1.17 2003/09/16 03:03:47 deraadt Exp $");
71a72
> u_int newlen;
101,102c102,104
< buffer->alloc += len + 32768;
< if (buffer->alloc > 0xa00000)
---
>
> newlen = buffer->alloc + len + 32768;
> if (newlen > 0xa00000)
104,105c106,108
< buffer->alloc);
< buffer->buf = xrealloc(buffer->buf, buffer->alloc);
---
> newlen);
> buffer->buf = xrealloc(buffer->buf, newlen);
> buffer->alloc = newlen;
--
______________________________________________________________________
__ __
/ || \ FreeBSD Network - http://www.GomoR.org/
| __ |___/ Security Engineer
| || \
\__|| \ >I route, therefore I am<
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]