Thanks.

> -----Original Message-----
> From: Larry Price [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 16, 2003 3:54 PM
> To: The Eugene Unix and GNU/Linux User Group's mail list
> Subject: Re: [eug-lug]SSH Exploit
> 
> 
> I'm in the middle of patching some of our systems, and from reading the
> security advisory it looks like it's a DoS vuln, but NOT a remote root.
> 
> quoting  FreeBSD Security Advisory FreeBSD-SA-03:12.openssh
> """
> When a packet is received that is larger than the space remaining in
> the currently allocated buffer, OpenSSH's buffer management attempts
> to reallocate a larger buffer.  During this process, the recorded size
> of the buffer is increased.  The new size is then range checked.  If
> the range check fails, then fatal() is called to cleanup and exit.
> In some cases, the cleanup code will attempt to zero and free the
> buffer that just had its recorded size (but not actual allocation)
> increased.  As a result, memory outside of the allocated buffer will
> be overwritten with NUL bytes.
> 
> III. Impact
> 
> A remote attacker can cause OpenSSH to crash.  The bug is not believed
> to be exploitable for code execution on FreeBSD.
> 
> """
> 
> I have seen reports of a remote-root exploit, but not confirmed ones.
> 
> Still, serious though.
> 
> On Tuesday, September 16, 2003, at 03:30  PM, Grigsby, Garl wrote:
> 
> > I am assuming that most of you have heard that there is a) a new SSH
> > vulnerability and b) that there appears to be an exploit available.
> > (See the link below for more information).
> >
> > What I would like to know is if anybody has seen somewhere I can get
> > my hands on the exploit. I would like to see what it looks like when
> > it attacks a machine. A friend of mine might have already been hit. He
> > saw some unusual activity on his system and pulled the network
> > connection, but we are not sure if he has been root'd or not. I would
> > like to try this on one of my systems and see what shows in the logs.
> >
> > Thanks,
> > Garl
> >
> > http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172
> >
> > =======================================================================
> > Garl R. Grigsby
> > Senior Customer Applications Engineer - I-DEAS CAE & FEMAP Support
> > -----------------------------------------------------------------------
> > EDS PLM Solutions                                 Phone: (800) 955-0000
> > Global Technical Access Center                      FAX: (541) 342-8277
> > 1750 Willow Creek Circle               Email: [EMAIL PROTECTED]
> > Eugene, OR 97402                  Internet: http://support.plms-eds.com
> > =======================================================================
> >    -FEA makes a good engineer great, and a poor engineer dangerous-
> > =======================================================================
> >
> --
> "The Internet is falling" --C. Little 2003
> 

_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug

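The mechanism the quoted FreeBSD advisory describes, modelled in C as an added illustration. This is not part of any message in the thread and not OpenSSH's own code: the function names, struct layout and constants are the example's own, written from the advisory's description. The limits are scaled down (a 16 KiB ceiling, 1 KiB growth slack and a 64 KiB canary-filled arena in place of OpenSSH's 0xa00000 ceiling and 32768-byte slack) so the stray NUL write lands in memory the program still owns and can be counted instead of crashing the process.

```c
/*
 * Scaled-down model of the OpenSSH buffer-management bug described in the
 * advisory quoted above. Constants are far smaller than OpenSSH's real limits
 * so the whole effect fits inside a 64 KiB scratch arena and can be observed
 * safely. Names and layout are this example's own, not OpenSSH's.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LIMIT  16384u   /* stand-in for OpenSSH's 0xa00000 ceiling   */
#define GROW_SLACK 1024u    /* stand-in for the 32768-byte growth slack  */
#define ARENA_SIZE 65536u   /* scratch memory: buffer followed by canary */
#define CANARY     0xAA

typedef struct {
    unsigned char *buf;   /* start of the allocation (front of the arena) */
    unsigned int alloc;   /* size the buffer *records* as allocated       */
    unsigned int end;     /* bytes currently in use                       */
    unsigned int real;    /* bytes actually allocated (demo bookkeeping)  */
} Buffer;

typedef int (*grow_fn)(Buffer *, unsigned int);

/* Vulnerable shape: the recorded size is increased, then range-checked, and
 * on failure the inflated value is left behind for cleanup to trust.
 * Returning -1 stands in for fatal(), which runs cleanup and exits. */
static int grow_vuln(Buffer *b, unsigned int len)
{
    if (b->end + len < b->alloc)
        return 0;                        /* enough room, nothing to do   */
    b->alloc += len + GROW_SLACK;        /* recorded size grows first... */
    if (b->alloc > BUF_LIMIT)
        return -1;                       /* ...check fails, alloc stale  */
    b->real = b->alloc;                  /* stands in for xrealloc()     */
    return 0;
}

/* Fixed shape: compute the new size into a temporary and commit it only
 * after the range check passes, so alloc always matches the allocation. */
static int grow_fixed(Buffer *b, unsigned int len)
{
    unsigned int newlen;
    if (b->end + len < b->alloc)
        return 0;
    newlen = b->alloc + len + GROW_SLACK;
    if (newlen > BUF_LIMIT)
        return -1;                       /* alloc left accurate          */
    b->alloc = b->real = newlen;
    return 0;
}

/* Cleanup as the advisory describes it: zero the buffer using the recorded
 * size. If alloc exceeds the allocation, the NUL bytes land beyond it. */
static void buffer_free(Buffer *b)
{
    memset(b->buf, 0, b->alloc);
    b->buf = NULL;
    b->alloc = b->end = b->real = 0;
}

/* Run one over-limit append against a buffer at the front of a canary-filled
 * arena, then run cleanup and count canary bytes past the true allocation
 * that were overwritten with NUL. Returns (unsigned int)-1 if the append
 * fit, i.e. the fatal()/cleanup path was never taken. */
unsigned int cleanup_overrun(grow_fn grow, unsigned int initial,
                             unsigned int used, unsigned int len)
{
    unsigned char *arena = malloc(ARENA_SIZE);
    Buffer b;
    unsigned int i, true_alloc, clobbered = 0;

    if (arena == NULL)
        return (unsigned int)-1;
    memset(arena, CANARY, ARENA_SIZE);
    b.buf = arena; b.alloc = b.real = initial; b.end = used;

    if (grow(&b, len) == 0) {            /* append fit: not the bug path */
        free(arena);
        return (unsigned int)-1;
    }
    true_alloc = b.real;                 /* what was really allocated    */
    buffer_free(&b);                     /* fatal()'s cleanup runs here  */

    for (i = true_alloc; i < ARENA_SIZE; i++)
        if (arena[i] != CANARY)
            clobbered++;
    free(arena);
    return clobbered;
}

int main(void)
{
    /* 8 KiB buffer nearly full; an 8 KiB append pushes the grown size past
     * BUF_LIMIT, so both versions reject it, but only one leaves alloc
     * inflated for cleanup to act on. */
    printf("vulnerable: %u bytes zeroed past the allocation\n",
           cleanup_overrun(grow_vuln, 8192, 8000, 8192));
    printf("fixed:      %u bytes zeroed past the allocation\n",
           cleanup_overrun(grow_fixed, 8192, 8000, 8192));
    return 0;
}
```

With these scaled constants the vulnerable path zeroes 9216 bytes beyond the real allocation (8192 + 8192 + 1024 recorded, against 8192 actually owned), while the fixed path zeroes none. In the real daemon the overrun is large and lands in whatever the heap allocator placed after the buffer, which is why the advisory rates it as a reliable crash and leaves code execution as unproven rather than impossible.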