
Files

adv_ssh1crc.txt
Posted Feb 9, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Razor Bindview Advisory - A remote root vulnerability exists in the crc32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations in the detect_attack() function (a 16-bit unsigned variable is used instead of a 32-bit one, which causes an integer overflow) lead to a table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0.

tags | remote, overflow, arbitrary, root
MD5 | c54b7076bfc79421c5985ff3b7b65cb7
© 2019 Packet Storm. All rights reserved.
