
Files

adv_ssh1crc.txt
Posted Feb 9, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Razor Bindview Advisory - A remote root vulnerability exists in the crc32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations in the detect_attack() function (a 16-bit unsigned variable is used instead of a 32-bit one, which causes an integer overflow) lead to a table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0.

tags | remote, overflow, arbitrary, root
MD5 | c54b7076bfc79421c5985ff3b7b65cb7


© 2016 Packet Storm. All rights reserved.
