
Files

adv_ssh1crc.txt
Posted Feb 9, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Razor Bindview Advisory - A remote root vulnerability exists in the crc32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations (a 16-bit unsigned variable is used instead of a 32-bit one, which causes an integer overflow) in the detect_attack() function lead to a table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0.

tags | remote, overflow, arbitrary, root
MD5 | c54b7076bfc79421c5985ff3b7b65cb7