
Files

adv_ssh1crc.txt
Posted Feb 9, 2001
Authored by Michal Zalewski | Site razor.bindview.com

Razor Bindview Advisory - A remote root vulnerability exists in the crc32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations (a 16-bit unsigned variable is used instead of a 32-bit one, which causes an integer overflow) in the detect_attack() function lead to a table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0.

tags | remote, overflow, arbitrary, root
MD5 | c54b7076bfc79421c5985ff3b7b65cb7
© 2018 Packet Storm. All rights reserved.
