
Files

adv_ssh1crc.txt
Posted Feb 9, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Razor Bindview Advisory - A remote root vulnerability exists in the crc32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations in the detect_attack() function (a 16-bit unsigned variable is used instead of a 32-bit one, which causes an integer overflow) lead to a table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0.

tags | remote, overflow, arbitrary, root
SHA-256 | 72f0b876373954999b3e48c286d832d9874353833141a0ee8db15f4cd9b2c873