Date: Tue, 16 Sep 2003 14:19:34 +0200 From: GomoR <bsd_sa@gomor.org> To: security@freebsd.org Subject: Re: Fwd: Re: [Full-Disclosure] new ssh exploit? Message-ID: <20030916141934.A93383@dani.enslaved.lan> In-Reply-To: <6.0.0.22.0.20030915205323.076ad580@209.112.4.2>; from mike@sentex.net on Mon, Sep 15, 2003 at 08:53:56PM -0400 References: <6.0.0.22.0.20030915205323.076ad580@209.112.4.2>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Sep 15, 2003 at 08:53:56PM -0400, Mike Tancsa wrote:
>
> Has anyone around here heard of this ?
>
> ---Mike
[..]
I think it has just been commited, but not yet disclosed. See the
diff in FreeBSD CVS:
$ cd /usr/src/crypto/openssh
$ cvs diff -r1.1.1.1.2.4 -r1.1.1.7
Index: buffer.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/buffer.c,v
retrieving revision 1.1.1.1.2.4
retrieving revision 1.1.1.7
diff -r1.1.1.1.2.4 -r1.1.1.7
15c15
< RCSID("$OpenBSD: buffer.c,v 1.16 2002/06/26 08:54:18 markus Exp $");
---
> RCSID("$OpenBSD: buffer.c,v 1.17 2003/09/16 03:03:47 deraadt Exp $");
71a72
> u_int newlen;
101,102c102,104
< buffer->alloc += len + 32768;
< if (buffer->alloc > 0xa00000)
---
>
> newlen = buffer->alloc + len + 32768;
> if (newlen > 0xa00000)
104,105c106,108
< buffer->alloc);
< buffer->buf = xrealloc(buffer->buf, buffer->alloc);
---
> newlen);
> buffer->buf = xrealloc(buffer->buf, newlen);
> buffer->alloc = newlen;
--
______________________________________________________________________
__ __
/ || \ FreeBSD Network - http://www.GomoR.org/
| __ |___/ Security Engineer
| || \
\__|| \ >I route, therefore I am<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030916141934.A93383>