Date: Tue, 16 Sep 2003 14:19:34 +0200
From: GomoR
To: security@freebsd.org
Subject: Re: Fwd: Re: [Full-Disclosure] new ssh exploit?
Message-ID: <20030916141934.A93383@dani.enslaved.lan>
References: <6.0.0.22.0.20030915205323.076ad580@209.112.4.2>
In-Reply-To: <6.0.0.22.0.20030915205323.076ad580@209.112.4.2>; from mike@sentex.net on Mon, Sep 15, 2003 at 08:53:56PM -0400

On Mon, Sep 15, 2003 at 08:53:56PM -0400, Mike Tancsa wrote:
>
> Has anyone around here heard of this ?
>
>         ---Mike
[..]

I think it has just been committed, but not yet disclosed.
See the diff in FreeBSD CVS: $ cd /usr/src/crypto/openssh $ cvs diff -r1.1.1.1.2.4 -r1.1.1.7 Index: buffer.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/buffer.c,v retrieving revision 1.1.1.1.2.4 retrieving revision 1.1.1.7 diff -r1.1.1.1.2.4 -r1.1.1.7 15c15 < RCSID("$OpenBSD: buffer.c,v 1.16 2002/06/26 08:54:18 markus Exp $"); --- > RCSID("$OpenBSD: buffer.c,v 1.17 2003/09/16 03:03:47 deraadt Exp $"); 71a72 > u_int newlen; 101,102c102,104 < buffer->alloc += len + 32768; < if (buffer->alloc > 0xa00000) --- > > newlen = buffer->alloc + len + 32768; > if (newlen > 0xa00000) 104,105c106,108 < buffer->alloc); < buffer->buf = xrealloc(buffer->buf, buffer->alloc); --- > newlen); > buffer->buf = xrealloc(buffer->buf, newlen); > buffer->alloc = newlen; -- ______________________________________________________________________ __ __ / || \ FreeBSD Network - http://www.GomoR.org/ | __ |___/ Security Engineer | || \ \__|| \ >I route, therefore I am<
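Review bot: in hunk 101,102c102,104, `newlen = buffer->alloc + len + 32768` is computed in `u_int`, so a sufficiently large `len` can wrap the sum to a small value that still passes the `newlen > 0xa00000` check. Unless `len` is already bounded earlier in the function (not visible in this diff), check `len` on its own before the addition, for example by rejecting any `len` above the same 0xa00000 limit, so the comparison is never made on a wrapped value.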
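Review bot: in hunk 104,105c106,108, the position of `buffer->alloc = newlen;` after the size check and after `xrealloc(buffer->buf, newlen)` is what the fix depends on, but nothing in the code says so. The removed lines did `buffer->alloc += len + 32768` before the check, which left `buffer->alloc` describing memory that had not been obtained whenever the check failed. A one-line comment above the assignment stating that `buffer->alloc` must only ever hold the size actually allocated would keep a later cleanup from moving the update back above the check.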