Files

adv_ssh1crc.txt
Posted Feb 9, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Razor Bindview Advisory - A remote root vulnerability exists in the crc32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations in the detect_attack() function (a 16-bit unsigned variable is used instead of a 32-bit one, which causes an integer overflow) lead to a table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0.

tags | remote, overflow, arbitrary, root
MD5 | c54b7076bfc79421c5985ff3b7b65cb7

© 2018 Packet Storm. All rights reserved.
