Exploit the possiblities
Showing 1 - 1 of 1 RSS Feed

Files

adv_ssh1crc.txt
Posted Feb 9, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Razor Bindview Advisory - A remote root vulnerability exists in the crc32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations (16-bit unsigned variable is used instead of 32-bit, which causes integer overflow) in the detect_attack() function leads to table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0.

tags | remote, overflow, arbitrary, root
MD5 | c54b7076bfc79421c5985ff3b7b65cb7
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Recent News

News RSS Feed
Facebook Told To Stop Tracking In Belgium
Posted Feb 17, 2018

tags | headline, government, privacy, facebook
A Hacker Has Wiped A Spyware Company's Servers - Again
Posted Feb 17, 2018

tags | headline, hacker, malware, spyware
Special Counsel Indicts 13 People, Russian Troll Farm On Conspiracy Charges
Posted Feb 17, 2018

tags | headline, government, usa, russia, fraud, cyberwar
Variants Of Meltdown-Spectre Flaws May Have Been Discovered
Posted Feb 16, 2018

tags | headline, hacker, flaw, intel
Former ICE Top Lawyer Stole Alien Identities From Govt Database
Posted Feb 16, 2018

tags | headline, government, privacy, usa, fraud, identity theft
Ajit Pai Is Being Investigated By The FCC For Corruption
Posted Feb 16, 2018

tags | headline, government, usa, fraud
New Chaos Linux Backdoor Is Pretty Stealthy
Posted Feb 16, 2018

tags | headline, hacker, malware, linux, backdoor
A Potent Botnet Is Exploiting A Critical Router Bug That May Never Be Fixed
Posted Feb 15, 2018

tags | headline, hacker, botnet, flaw
Anti-Clinton Wikileaks Chat Leaked
Posted Feb 15, 2018

tags | headline, government, data loss, fraud
NSA, FBI, CIA All Agree You Shouldn't Trust A Huawei Phone
Posted Feb 15, 2018

tags | headline, government, usa, phone, china, fbi, nsa, cia
View More News →
packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close