exploit the possibilities
Showing 1 - 1 of 1 RSS Feed

Files

adv_ssh1crc.txt
Posted Feb 9, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Razor Bindview Advisory - A remote root vulnerability exists in the crc32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations (16-bit unsigned variable is used instead of 32-bit, which causes integer overflow) in the detect_attack() function leads to table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0.

tags | remote, overflow, arbitrary, root
SHA-256 | 72f0b876373954999b3e48c286d832d9874353833141a0ee8db15f4cd9b2c873
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In
Posted May 18, 2022

tags | headline, hacker, government, usa, fbi, nsa
Your Data Is Auctioned Off Up To 987 Times A Day, NGO Reports
Posted May 18, 2022

tags | headline, privacy, data loss
April VMware Bugs Abused To Deliver Mirai Malware, Exploit Log4Shell
Posted May 18, 2022

tags | headline, malware, flaw
APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack 0-Days
Posted May 18, 2022

tags | headline, hacker, malware, cyberwar, zero day
State Of Internet Crime In Q1 2022: Bot Traffic On The Rise, And More
Posted May 18, 2022

tags | headline, hacker, malware, cybercrime, data loss, botnet, fraud
Wizard Spider Hackers Hire Cold Callers To Scare Ransomware Victims Into Paying Up
Posted May 18, 2022

tags | headline, hacker, malware, cybercrime, fraud, cryptography
Sysrv-K Botnet Targets Windows, Linux
Posted May 17, 2022

tags | headline, microsoft, linux, botnet
FBI: Hackers Used Malicious PHP Code To Grab Credit Card Data
Posted May 17, 2022

tags | headline, hacker, government, bank, usa, cybercrime, fraud, fbi, backdoor
iPhones Vulnerable To Attack Even When Turned Off
Posted May 17, 2022

tags | headline, phone, flaw, apple
Don't Accidentally Hire A North Korean Hacker, FBI Warns
Posted May 17, 2022

tags | headline, hacker, government, cyberwar, spyware, korea, fbi, backdoor
View More News →
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close